COMPUTERWORLD 


THE NEWSPAPER FOR IT LEADERS = WWW.COMPUTERWORLD.COM 


[ have patience 


pills in my 
desk, and I take 
alot of them. 


JEAN HOLLEY, USG 


As USG’s first CIO and one of the few officers brought in from the 
outside at the construction materials maker, Jean Holley faced a daunting set 
of challenges: fast-forwarding the company’s legacy-bound IT infrastructure 
into the 21st century, bringing rogue IT workers into the fold and abolishing 
the company’s view of IT as an administrative function. 

Profile by Kathleen Melymuka begins on page 24. 


USERS VOICE DOUBTS ON JAVA SPEC 


They say say J2EE 1.3 3 lacks 
Web services support 


BY LEE COPELAND 

Aiming to improve connectivi- 
ty and make it easier to man- 
age Enterprise JavaBeans, Sun 


Microsystems Inc. 


released 


13 specification, 
building block for Java-based | 


application servers. 
But while J2EE 1.3 addresses 


some key 


integration 


LeDesDesDocesEUEDoccaldecdUecedelecteatsclaldlial 
SEXBBIFTS S8RRKECAR-RT LOTHEB-852 


PROQUEST 
PO BOX 984 


NEWSPAPER 


848186P0Q984PBO068 NOUV 62 864 


39-5 


ANN ARBOR MI 48186-8984 


6959 


98 


last week 


| an enhanced version | 
of its Java 2 Enterprise Edition 


the 


basic | 


issues, | 


users and analysts said it lacks 
sufficient Web services sup- 


| port features, which are critical 
| for letting 


applications swap 
functionality over the Internet. 

“There are some issues with 
J2EE that are evolving still, and 
personally, I would not jump 


into it right now for that rea- | 
said George Mizzi, appli- | 


son,” 
cation infrastructure manager 


at New York-based Sanford C. | 
| Bernstein & Co. Mizzi said the 
| lack of Web services support is 
| the most significant hole in the 
| J2EE specification. 


The $850 million investment 
management firm recently 
built a trading desk application 


that uses Web services in the | 


Java Spec, page 61 


| project is on hold, 


| self-service 


| nected systems. 





YCTOBER 


FLIGHT FEAR 
Seer ty LECH 
PLANNING 


Projects to simplify 
check-in jeopardized 


BY JENNIFER DISABATINO 
Before the hijacking of four 


commercial airplanes on Sept. 


ll, the biggest IT imperative 


| for most carriers was leverag- 


ing technology to get passen 
gers through the pga and 
aboard their flights as 
quickly as possible. 
Now, under 
stringent security sant - 
key 
and others 


lines, at least one 
are being reconsidered. 

In April, United Air Lines 
Inc. in Chicago announced that 
it would install more than 1,100 
kiosks in 25 
ports over the next two years 

Projects, page 14 


air- 


ONLINE ATTACK 
CONCERNS GROW 


| Experts urge vendors to 


boost product s¢ security 


BY PATRICK THIBODEAU 
WASHINGTON 


The war on terrorism could 


| increase the number of cyber- |= 


attacks aimed at U.S. firms 
already struggling to repair a 
rapidly escalating array of vul- | 
nerabilities to Internet-con- 
| 


It’s the cyberequivalent of |2 
the “perfect storm,” the merg- 
Online Attacks, page 61 | 


lz 


Boeing eyes broadband 
to improve security 
BY JAMES COPE 


With 
down and concerns about 


airline passenger traffic 
air- 
plane security rising following 
the Sept. ll terrorist attacks on 
the U.S., Phil Condit, chairman 
and CEO of T 
Co., 
plans to use broadband 


up 


he Boeing 
last week disclosed 
technology to beef 
security on aircraft. 

“Part of the challenge now is 
not putting things off,” Condit 
said, speaking 
corporate headquarters here. 
“We're asking, ‘How 
ahead to make the [air- 
line] system more secure and 
Boeing, page 14 


at Boeing’s new 


do we 


move 


Some past incidents: 
> Hacker activity increased after a 


U.S. spy plane was captured by 
China in April. 


> NATO Web servers received sus- 
tained ping saturation and DDOS 
attacks during air strikes in Kosovo 
and Serbia last year. 


> Web site defacements in Israel 
increased as the Palestinian conflict 
worsened. 

What might attackers do now? 
> Deface Web sites. 


»Launch DDOS attacks. 


>Use worms and viruses to exploit | 
vulnerabilities. 





/ 


| 
i] 
The coveted five nines. In the past, 
only a precious few were allowed to see them. 


99.999% uptime. For a server operating system, it’s a measure of reliability that translates into just over five minutes of server downtime per 
year.* For your business, that means servers are up and running when people need them. Of course, rumors of this 99.999% uptime usually 
start under ideal lab conditions. But where are these five nines when your business needs them? If you’re using Microsoft® Windows® 2000 


Server-based solutions, they may be closer than you think. Today Starbucks, FreeMarkets and MortgageRamp, an affiliate of GMAC Commercial 


er hardware and software technologies. rssion-critical operational processes and professional services. 





Mortgage, are using Windows 2000 Server-based systems designed to deliver 99.999% server uptime. Of course, not all installations require this 


level of reliability, but one thing is for sure: The Windows 2000 Server family can help you get to the level of reliability you need. In fact, industry leaders 


such as Compaq, Dell, Hewlett-Packard, IBM, Unisys, Stratus and Motorola Computer Group can work with you to deliver solutions with up to five nines 


uptime. To learn more about server solutions you can count on, visit microsoft.com/windows2000/servers 





ca smart Program Guideline: 


The ca smart logo is only to be used by CA 
partners for innovative eBusiness products 
or solutions on which CA technology resides, 
is acomponent of, or is otherwise integrated. 
Which would not include sporting goods 


For more information, visit ca.com/casmart. 


ca) Computer Associates™ 


©2001 Computer Associates International, Inc. (CA). All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. 





NEWS 6 


6 Supply chain managers find 
that they need to build terrorism 
scenarios into their planning. 


7 The federal government looks 
to advanced smart-card technology 
to prevent identity fraud. 


8 Most cellular carriers will miss 
today’s deadline for compliance 
with the FCC’s location-finding 
regulations. 


9 Firms automate to flag financial 


transactions by known terrorists. 


10 Microsoft responds to Gart- 
ner’s advice that users should con- 
sider alternatives to Microsoft’s 
Internet Information Server. 


12 Fidelity gears up for this 
month’s massive conversion of 
its data to an XML format. 


; k For breaking news, updated 
1c twice daily at noon and 5 
I © p.m., visit the Computer- 
] world.com Web site 


www.computerworld.com/q?q4000 


DIGITAL CRIMINAL 
CASE RECORDS 


The Queens County, N.Y., 
District Attorney’s Office 
has replaced paper records 
for the 50,000 criminal cases 


it handles each year with 
a Linux-based document- 
imaging system, says Robert 


Schlesinger, director of in 


formation services. PAGE 46 


OCTOBER 1, 2001 


COMPUTERWORLD 


BUSINESS = 23 


23 Paul A. Strassmann says that 
in the wake of the attacks on the 
U.S., protecting the Internet is of 
vital importance to business. 


24 Jean Holley has spent three 
years transforming a 1970s-style IT 
operation at USG into a true part- 
nership with its business units. 


28 Brick-and-mortar companies 
that lost IT staffers to dot-com 
firms are welcoming them back 
with open arms — and many of 
the perks that lured them away. 


30 Ford and UPS are six months 
ahead of schedule with their plans 
to speed the delivery of new cars 
and trucks from factories to deal- 
ers, thanks to a Unix-based logis- 
tics package. 


40 Workstyles: IT staffers at 
Philip Morris know better than 
anyone that their company is more 
than a maker of tobacco products, 
since they support technical opera- 
tions for five divisions. 


TECHNOLOGY 43 


44 With privacy a growing con 
cern, IT managers are looking to 
closely manage access to their 
largest repositories of information: 
data warehouses. 


48 Hands On: Reviews editor Rus- 
sell Kay looks at gadgets that can 
make life easier and more produc- 
tive for users who must travel with 
computers. 


49 QuickStudy: Transaction pro- 
cessing is the unambiguous and 
independent execution of a set of 
operations on data in a relational 
database. Find out more in this 
week’s primer. 


50 Security Journal: Mathias 
Thurman dives into security 
testing on his company’s newly 
redesigned Web site. 


51 Emerging Companies: RLX 
Technologies’ compact blade 
servers promise to cut power re- 
quirements and conserve space 
in Internet data centers. 


SECURITY 
AMBASSADORS 


As companies increasingly 
put security in the hands of 
systems spec ialists, they 


need IT liaisons, such as 


Leslie Peckham of American Family Mutual 
Insurance, who can help business units and I'l 


understand each other’s needs. PAGE 36 


Patricia Keefe says IT will be 
at the center of the national debate 
on how far we should go to provide 
authorities with unfettered access 
to personal data. 


Pimm Fox warns that compa- 
nies’ lack of IT preparedness for 
disasters amounts to another 
tragedy waiting to happen. 


Thornton May writes that secu 
rity professionals must learn how 
to communicate the message of 
better information security, if busi- 
ness executives are to improve at 
practicing it. 


Frank Hayes says a Gartner 
analyst made a gutsy call in recom- 
mending that IT shops look for 
alternatives to IIS. But do Micro- 
soft and Bill Gates have the guts to 
make a better server? 


Editorial/Letters 20, 21 
How to Contact CW 60 
Company Index 60 
Shark Tank 62 


WWW.COMPUTERWORLD.COM 


ATTACK AFTERMATH 


For the latest Computerworld arti 
cles about the aftermath of the 
Sept. ll terrorist attack, visit our 
special coverage page. 
www.computerworld.com/q?a1030 


_ NATIONAL 1D? 


What do you think about the idea of 


implementing a national identifica 
tion card system as a way to help 
stop terrorism? Post your opinion in 
our online discussion forum. 
www.computerworld.com/q?a1040 


TRAVEL CHECKLIST 


If you're going on a business trip, 
see reviews editor Russell Kay’s 
checklist for must-have laptop 
accessories. 
www.computerworld.com/q?23255 


CRM COVERAGE 


For news, analysis and resources 
about customer relationship man 
agement, head to our CRM Knowl 
edge Center. 
www.computerworld.com/q?k1300 





Wate 


Court Pushes for 
Microsoft Settlement 


U.S. District Court Judge Colleen 
Kollar-Kotelly ordered Microsoft 
Corp. and the government to meet 
“around the clock” in an attempt to 
settle the antitrust case against the 
software vendor. The judge gave the 
two sides until Oct. 12 to reach an 
agreement on their own. If they 
don't, she said, a mediator will be 
called in and given until Nov. 2 to 
help produce a settlement. 


EDS Adding Portal to 
Navy/Marine Intranet 


The U.S. Navy gave Electronic Data 
Systems Corp. a $9 million contract 
to add a Web portal to the $6.9 bil- 
lion Navy/Marine Corps Intranet 
project, which is being managed by 
the Plano, Texas-based IT services 
firm. EDS will manage the land- 
based implementation of the portal, 
and the Navy will be in charge of the 
at-sea portion. 


StorageTek Set to 
Ship Faster Tape Drive 


Louisville, Colo.-based Storage 
Technology Corp. next week plans 
to release a new tape drive that 
supports data transfer rates of 2G 
bit/sec. Tape drives previously were 
limited to 1G bit/sec. transfer rates, 
which hindered the performance of 
storage-area networks. 


Short Takes 


Tokyo-based technology vendor 
NEC CORP. cut its revenue forecast 
and said it now expects to report a 
loss of about $1.3 billion for its 
fiscal year ending in March, after 
previously predicting a profit of 
more than $500 million. . . . CLAR- 
ENT CORP., a Redwood City, Calif.- 
based maker of technology for use 
in converged voice and data net- 
works, slashed its projected third- 
quarter revenue total by more than 
50%. Clarent also said it’s laying 
off about half of its 700 workers. 


| such systems may 
| changed 


NEWS 


Supply Chains Face 
Changes After Attacks 


Users may need more flexible systems 


BY MARC L. SONGINI 


OME COMPANIES last 
week said automated 
supply chain systems 
are minimizing the 
immediate impact of 
the Sept. ll terrorist attacks in 


the U.S. on their global supply | 
| and distribution networks. But 


users and analysts warned that 
need to be 
to provide 
term answers to the uncertain- 


| ties created by the attacks. 


| sembly 


| deliver 


| Council 





With ground and air trans- 
portation schedules more er- 


ratic now and customs clear- 


ances taking longer to com- 


plete, many companies are be- | 


ing challenged to keep their as- 


lines supplied with 
product components 
service and mainte- 
nance parts to their customers. 

Supply chain systems may 


require redesigns so compa- 


nies can do a better job of han- | 


dling “surge and ebb” 


tions in product demand and | 


stock availability, said Scott 


| Stephens, chief technology of- 
Supply-Chain | 
Pittsburgh- | 


ficer at the 
Inc., a 


based industry consortium. 


Users and vendors will also | 


have to work on making supply 


| chain systems more disaster 


ready, said Michael Bittner, an 


| analyst at AMR Research Inc. 


in Boston. For example, com- 


panies should build automated | 


alternative sourcing functions 
into their systems, he said. 
Technology that can generate 
international trade compliance 
documents is also becoming 
more critical for users, Bittner 


| added. 


When all flights in the U.S 
were temporarily stopped after 
the attacks, NCR Corp. quickly 
switched from airborne carri- 
ers to ground transportation. 
The Dayton, Ohio-based tech- 
nology vendor has also had to 
deal with the loss of a shared 


longer- | 


and to 


situa- | 





distribution facility 
Atlanta-based United 
that was lo- 
cated hundreds of feet 
from the World Trade Center 
in New York, said Todd Bollen- 
bacher, vice president of ser- 


product 
run by 
Parcel Service Inc. 
just 


vice design and lo- 
gistics at NCR. 
Fortunately, NCR 
able to imple- 
ment Y2k contingen- 
cy plans supported 
by its supply chain 
and procurement 
system, which is 
based on applica- 
tions from Oracle 
Corp. and Fairport, 
N.Y.- Xelus 


was 


based 


JOHN STOCK: 

HON Industries cut 
rush delivery ship- 
ment times in half. 


Inc., plus proprietary software. 


Recoding product shipment la- | 
Bollen- | 


bels took only hours, 
bacher said. 

But more changes may fol- 
low. NCR is looking at tweak- 
ing its distribution systems so 
they take the longer delivery 
times of ground-based trans- 


portation into account 


customers, he said. 


And the company is | 


considering _ retool- 


ing how products are | 


distributed to its own 
warehouses, 
would also 
systems changes. 

In addition, Bol- 


would like to see 


Chemical Exchanges Put 
Security Under Microscope 


Systems reassessed 
in wake of attacks 


BY MICHAEL MEEHAN 
Online marketplaces designed 
to speed business-to-business 
transactions in the chemicals 
industry 
examine their security systems 
to lock for blind spots that 
could allow terrorists to obtain 
potentially deadly substances. 

John Beasley, chairman and 
founder of ChemConnect Inc., 
said the San Francisco-based 
online exchange launched a 
full-scale investigation into its 
user screening and approval 
practices after the Sept. ll ter- 
rorist attacks on the U.S. 

“It will probably take a few 
weeks [to finish the probe], be- 
cause we're trying to figure out 
what we're not doing,” Beasley 
said. “What we're looking for is 


are now rushing to | 


scouring of its security prac- | 





not obvious. To a degree, you 
have to think like a terrorist to 
figure it out.’ 


CheMatch.com Inc. in Hous- 


ton has initiated a_ similar 


tices and _ technology, said 
Michael Ereli, vice president of 


technology at the ChemCon- | 


nect rival. 

CheMatch previously decid- 
ed against requiring the use of 
digital certificates or biomet- 
ric identifiers by people who 
process transactions through 
its systems. But that’s “the first 
thing we're taking a second 
look at,” Ereli said. “It seemed 
too cumbersome at the time, 
but everything’s changed now.” 

According to Beasley, the ba- 
sic key to security for a busi- 
ness-to-business exchange is 
to gain familiarity with those 
who are trading goods in the 
largely faceless world of 
e-commerce. ChemConnect 


when | 
| setting shipment dates for its | 


which | 
require | 


lenbacher said he | 


procurement sys- | 
tems that support au- | 


|} on US. 





COMPUTERWORLD October 1, 2001 


alterna- 
he 


tomated selection of 
tive suppliers. Currently, 
noted, the system’s software re- 
| quires some manual program- 
ming to switch vendor codes. 

John Stock, vice president of 
distribution and logistics at 
HON Industries Inc., said the 
Muscatine, Iowa-based office 
furniture maker used a capaci- 
ty and supply chain planning 
from SynQuest 
Inc. in Norcross, Ga., to cut its 
delivery lead times on rush 
shipments from two weeks to 
five days immediately follow- 
ing the terrorist attacks. 

The software provides “im- 
mediate visibility to capacities 
and shipping lanes, and in the 
past, we didn’t have that,” Stock 
said. With the software in 
place, he added, workers “did- 
n’t have to get on the phone and 
check capacity availability to 
fulfill orders.” D 


application 


For access to addi- 
tional resources, visit 


ICK 
our Supply Chain/ERP 


| minke Knowledge Center 


www.computerworld.com/q?k2000 


checks business licenses, haz- 
ardous-materials certifications 
and company profiles for every 
new user of the site, he said. 

The exchange also blocks 
users from countries that are 
Department of State 
warning lists and cross-checks 
new users against FBI warning 
lists, Beasley said. 

But ChemConnect started as 
an industry bulletin board for 
companies informally seeking 
new business partners and is 
still sometimes used in that ca- 
pacity. That type of usage has 
drawn federal attention since 
the inception of the company’s 
Web site, Beasley said. Firms 
using the site as a bulletin 
board are expected to screen 
their potential trading partners 
themselves, he added. 

Owen Kean, director of on- 
line communications at the 
American Chemistry Council 
Inc., a lobbying and safety 
guidelines group in Arlington, 
Va., noted that the chemicals 
industry is reviewing how se- 
curely it trades toxic, caustic 
and explosive materials. “Even 
what we thought was good may 
not be good enough,” he said. D 





COMPUTERWORLD October 1, 2001 


NEWS 


Feds Consider New Antiterrorist Smart-Card Technology 


But national ID cards face strong opposition 


BY DAN VERTON 
The ability of the Sept. 11 ter- 
rorists to obtain forged identi- 
fications and airport creden- 
tials has prompted the federal 
government 
technologies for authenticat- 
ing the identities of airline pas- 
sengers and employees, avia- 
security 
federal employees with access 


to consider nev 


tion personnel and 
to secure facilities. 

The White House reiterated 
last week that it has no plans to 
introduce a national ID card. 
But officials from the Justice 
Department and other federal 
agencies, along with House mi- 
nority leader Richard Gephart 
(D-Mo.), are clearly interested 
in ID card technology. Last 
week, they invited Dan Kehoe, 
president and CEO of 
Gatos, Calif.-based UltraCard 
Inc., to Washington to demon- 
strate his company’s UltraCard 


Los 


smart-card technology. 

Security officials are inter- 
ested in the UltraCard because 
it has unique storage capabili- 
ties that overcome the limita- 
tions of current smart cards to 
store multiple sets of biomet- 
ric data, such as fingerprints, 
high-resolution iris scans and 
voiceprints. 


The UltraCard is capable of 


storing 20MB of data, whereas 
traditional smart cards store 
only 64KB. The lack of storage 
capacity has been the main 
stumbling block in the use of 
biometrics in smart cards, said 
Don Mann, chief technology 
officer at UltraCard. 

“To do full security without 
acceptance, 
more than one biometric,” said 
Mann. “You need more than 
one fingerprint; [you need] a 
virus scan and a high level of 
encryption,” he said. It takes 
120KB to store a single FBI-lev- 
el fingerprint, Mann said. 

The Bush administration’s 
reluctance to push for a nation- 
al ID card comes as no surprise 
to those familiar with the 
thorny political sur- 


false you need 


issues 


rounding the proposal. The 
Clinton administration and 
Congress entertained the idea 
in 1998, when agencies sug- 
gested using ID cards to track 
information on foreign work- 
ers, health care recipients and 
parents behind in 
child support payments. Past 
legislative proposals failed due 
to concerns about potential 
privacy violations, but the 
Sept. ll terrorist attacks have 
rekindled the debate. 
The idea of a national ID 
card is not without its 
proponents. Oracle 
Corp. CEO Lar- 
ry Ellison 
has_ of- 


who are 


ULTRACARD 
can store 20MB of 
data, rather than the typical 64KB. 


fered the government the soft- 
ware necessary to build the in- 
frastructure for a national ID 
card system free of charge. 

An Oracle spokesman con- 
firmed pledge but 
said the company had no de- 


Ellison’s 


tails on the type of software EI- 
lison had in mind. 

Ellison’s suggestion to build 
a central database has been 
one of the key areas of concern 
for members of Congress and 
The Ultra- 
Card, on the other hand, would 
avoid that problem by enabling 
authorities to conduct local au- 
thentication without having to 
transmit biometric data across 
the Internet “to a hackable 
database,” said Mann. 
the biometrics and algorithms 
could be stored on the card. 

Donna Farmer, CEO of the 
New York-based Smart Card 
Alliance, an industry group 
representing 185 technology 
providers, said that while she 


privacy groups. 


isn’t familiar with the details of 


the UltraCard’s capabilities, 


Legislation Pushed to Track 
Terrorists Over Networks 


BY PATRICK THIBODEAU 
NASHINGTON 

The Bush administration is 
seeking quick action by Con- 
gress on a sweeping set of anti- 
terrorism laws intended in part 
to make it easier for law en- 
forcement agencies to track 
communications over phones 
and computer networks. 

The proposal expands the 
government’s wiretap authori- 
ty, allowing law enforcement 
agencies to seek one order to 
track communications in any 
jurisdiction and over any tech- 
nology. In short, it gives en- 
forcement agencies the ability 
to monitor an individual, re- 
gardless of what form of com- 
munication — landline, e-mail 
or cell phone — a suspect uses. 

But the proposal doesn’t ad- 
dress encryption, which is at- 
tracting increasing legislative 


interest. Lawmakers are inves- 
tigating whether encryption 
software should be developed 
with back doors that could be 
opened with a court order. 

The current law requires in- 
vestigators to seek court ap- 
proval in each jurisdiction for 
each device being monitored. 
That law is “ill-adapted for use 
in communications over multi- 
ple cell phones and computer 


og Remetes 


laws to Congress last week. 


All of 


many of the 64KB cards that 
are now available are multiple- 
application cards and have 
some capabilities to support 
biometrics and multiple en- 
cryption-key processing. 

In fact, the Defense Depart- 
ment in May began rolling out 
7,000 smart cards as part of its 
Common Access Card (CAC) 
program. The CAC uses pub- 
lic-key infrastructure certifi- 
cates and a database 
known as the Real-time Auto- 
mated Identifica- 
tion System. Fingerprint im- 
ages, however, aren’t stored on 


central 


Personnel 


the card for privacy reasons. 

According to Farmer, the 
policy issues surrounding per- 
sonal privacy and the develop- 
ment of a national ID card re- 
main the driving force behind 
the reluctance to expand the 
technology’s use. 

“There are a lot of issues that 
get wrapped up in the national 
ID discussion that have noth- 
ing to do with the technology,” 
who has also 


said Farmer, 


networks,” said Attorney Gen- 
eral John Ashcroft at a House 
Judiciary Committee meeting 
last week. 

“We're not asking the law to 
expand, just to grow as tech- 
nology grows,” he said. Terror- 
ists using networks to mask 
communications have a 
petitive advantage,” he added. 

Lawmakers, while eager to 
give law enforcers the legal 
tools they need, are worried 
that some of the measures may 
not hold up in court. “Some 
have said it’s unconstitutional 
said Rep. John 
Conyers (D-Mich.). “Let me be 
more polite: We're troubled; 


“com- 


on its face,” 


a ret picnge of bw cantnrvorion 


Wiretapping: Current law restricts wiretaps to certain locations. Pro- 
posed change would let investigators get a single order to track communica- 
tions across multiple jurisdictions and over different types of systems. 
Broader definition: Expands the definition of terrorists to include 
those who lend support to terrorist organizations and gives federal immigra- 
tion authorities the power to detain suspects. 


| TE REEDED SEBS BE LLIN EIEN AIEEE 
Getting Carded 

How the UltraCard compares 
with a traditional smart card: 


UltraCard: 20MB of storage 
Smart card: 64KB of storage 


UltraCard: Applies hard 
disk drive technology to 
credit card-size smart card. 
Smart card: Cost and size in- 
crease along with capacity. 


UltraCard: $5 to $6 
UltraCard Reader: $100 


served as legal counsel to the 


House Science Committee. 
“We still have all of the policy 
and procedure that 
we've had before. We’re trying 


to be sensitive to the fact that 


issues 


it’s still just a tool, and it won't 
fix every possible problem.” 

UltraCard plans to ship the 
first set of cards to government 
agencies in China and Europe 
in the first quarter of next year. 
However, production could be 
placed on a fast track for deliv- 
ery in the U.S. at the same time 
or sooner, Kehoe said. B 


we're deeply troubled.” 

A key concern is that the law 
goes beyond terrorists and 
could be used in the prosecu 
tion of routine criminal cases. 
One provision that’s raising 
eyebrows would allow U.S 
prosecutors to use wiretap in- 
formation obtained by foreign 
governments, even if the col- 
lection of that information vio- 
US. 


protections. Others critics say 


lates search-and-seizure 
the proposal would justify the 
broad use of Carnivore, the 
FBI’s e-mail search technology. 

Jerry Berman, who heads the 
and 


Center for Democracy 


Technology, a privacy rights 
group in Washington, 
there may be a need for new le- 
gal authorities. “But there is 
potential collateral 
damage to our Constitution 
and civil liberties in the attor- 
ney general’s bill,” he said. 
Civil 
are worried that this legisla 


said 


serious 


libertarians said they 
tion may move through Con- 
gress too fast. But final action 
on the bill 
weeks away. D 


may be several 





ICANN Meeting Will 
Tackle Net Security 


The Internet Corporation for 
Assigned Names and Numbers 
(ICANN) said it plans to go ahead 
with meetings scheduled next 
month in Marina del Rey, Calif., de- 
spite the Sept. 11 terrorist attacks. 
But because of the attacks, ICANN 
added, the meeting’s agenda will 
now focus on the stability and secu- 
rity of the Internet's naming and 
addressing systems. 


First .info Internet 
Sites in Operation 


The first 52,000 Internet domain 
names registered under the new 

.info top-level domain have become | 
operational, allowing companies to 
start using those addresses for their 
Web sites. Of the seven new top- 

level domains approved last year by 
ICANN, .info is the first to go live. 

It’s being managed by Dublin-based 
Afilias Ltd. 


Yahoo Adds Online 
Conference Service 


In the aftermath of the terrorist at- 
tacks, Sunnyvale, Calif.-based Ya- 
hoo Inc. announced a pair of corpo- 
rate Internet broadcast services 
aimed at providing alternatives to 
business travel. Included is a ser- 
vice called Virtual Conference, 
which Yahoo said will let compa- 
nies hold online conferences with 
thousands of participants. 


Short Takes 


HEWLETT-PACKARD CO. won a 
three-year, $185 million contract to 
provide IT services at seven opera- 
tions centers owned by Finland- 
based mobile phone maker NOKIA 
CORP. . . . A 21-year-old Nether- 
lands resident who created the 
Anna Kournikova e-mail worm that 
spread last February was sentenced 
by a Dutch court to perform 150 
hours of community service or 
spend 75 days in jail. 


NEWS 


COMPUTERWORLD October 1, 2001 


Agencies Urge Quick Rollout 
Of Wireless Location Service 


Public-safety organizations implore FCC 


to uphold start date for Enhanced 911] 


BY BOB BREWIN 
N ANTICIPATION OF 
day’s deadline, three na- 
tional public-safety or- 
ganizations last week 
urged the Federal Com- 


to- 


munications Commission to 
stop granting waivers and ex- 
tensions to cellular com- 
munications 
nies that would allow 
them to miss the long- 
mandated date 


for Enhanced 911 wireless loca- 


compa- 


start 


tion services. 

The agencies said the FCC 
should hit carriers that 
the deadline with 
penalties” for noncompliance. 

The Sept. 1] terrorist attacks 
on the US. - 
quent heavy use of cellular 
networks, well jury- 
rigged automatic location sys- 
tems in New York — 
made it difficult for the FCC 
to grant new waivers for a sys- 
tem that it first 
in 1996, said Jim Goerke, wire- 
less implementation director 
at the National Emergency 
Number Association (NENA) 


miss 
“serious 
and the subse- 
as 


as 


have 


envisioned 


~ How Wireless Enhanced 911 Locates Callers 


Software in base stations at each cell tower uses a sophisticated triangulation system to determine 
the location of a caller to within 100 meters. That information is translated into latitude and longi- 
tude coordinates and is then transmitted to a police dispatch center. There, the caller’s location is 
superimposed on a geographic information system display. This allows the dispatcher to determine 
at a glance the location of the caller and the nearest emergency units. 


“Age 


in Columbus, Ohio. 

The Sept. ll attacks have 
helped focus attention on the 
importance of having a system 
that can determine the loca- 
tion of people who call 911 on 
cell phones, Goerke 
adding that the cellular carri- 
ers “have had a lot of time to 


said, 


get this together.” 


i While the FCC has | 


j not indicated how it 
will act, analysts ex- 
to take a strong stand. 


pect it 
The chances of continued le- 
niency by the commission “are 
about equal to everyone being 
a winner in Las Vegas,” said 
Alan Reiter, an analyst at Wire- 
less Internet & Mobile Com- 
puting in Chevy Chase, Md. 


The technology isn’t perfect, | 


but it does exist, said Reiter. 
The cellular industry has been 
engaged in “legal stalling,” a 
tactic that won’t work in the 
postattack world, he said. 
NENA, the Association 
Public Safety Communications 
Officials International Inc. and 
the National Association 
State 911 Administrators, a 


KS) 


of | 


of 


Wired 
na Tad 
connection 


NENA affiliate, told the FCC in 
a filing on Sept. 21 that the ter- 
rorist attacks require the com- 
mission “to move as quickly as 
possible to implement fully ac- 
curate location capability for 
the nation’s wireless users.” 
Goerke said that based on 
his reading of the FCC’s emer- 
gency-communications _ files, 
only two of the major carriers 
Atlanta-based Cingular 
Wireless and Redmond, Wash.- 
based AT&T Wireless Services 
Inc. — are even close to meet- 
ing the requirements. 


Technology Options 

Travis Larson, a spokesman 
for the Cellular Telecommuni- 
cations & Internet Association 
in Washington, said that al- 
though the cellular industry 
“has been working diligently 
for a number of years” to meet 
the deadline, the technology to 
make the system work isn’t yet 
available. 

The FCC has mandated that 
the carriers choose either an 
automatic location system that 
uses Global Positioning System 
(GPS) chips in receivers en- 
hanced by back-end processing 
systems, or a network-based 
system that uses sophisticated 
triangulation from nearby cell 


Dispatch center 





towers to locate a handset. 

The FCC wants carriers us- 
ing a handset system to provide 
location accuracies to within 50 


meters for 67% of all calls and 


| accuracy to within 150 meters 


for 95% of calls. Carriers using a 
network system must provide 


| accuracy to within 100 meters 


on 67% of calls and to within 
300 meters for 95% of calls. 

The deployment of automatic 
location systems will be costly. 
Diane McCormick, director of 
investor relations and a spokes- 
woman for Allen Telecom Inc. 
in Beechwood, Ohio, estimated 
that a nationwide rollout of lo- 
cation technology could cost 
$1 billion to $3 billion. 

Carriers that have opted for 
the handset system said they 
have had problems getting the 
base-station equipment to up- 
grade their networks. Sprint 
PCS Group said it has run into 
problems with its two major 
equipment suppliers, Murray 
Hill, NJ.-based Lucent Tech- 
nologies Inc. and Brampton, 
Ontario-based Nortel Net- 
works Corp. 

Kansas City, Mo.-based 
Sprint told the FCC in a filing 


| on Sept. 20 that it planned 


to start selling GPS-enabled 
phones today and that it will 
sell GPS-equipped phones ex- 
clusively as of Dec. 31, 2002. 
Goerke said he understands 


| the issues carriers face in up- 


grading their networks but also 
wonders if their problems and 
delays are a matter of timing. 
The FCC should use its investi- 
gatory powers to determine 
whether equipment problems 


| are the result of delayed or- 
| ders, said Goerke. 


“If I were the government, I 


| would fine the carriers each a 
| million dollars a day until they 


comply with the FCC location 
mandate,” said Reiter. D 
Mobile/Wireless 


Quick 
Dink Knowledge Center 


www.computerworld.com/q?k1000 


For more informa- 
tion, visit our 





COMPUTERWORLD October 1, 2001 


NEWS 


Technology for Complying With Antiterror Rules Gets Boost 


Automated systems help monitor illegal financial transactions 


Y 


BY DAN VERTON 


WASHIN »N 


The Sept. ll attacks heightened 
U.S. financial 
institutions and other firms 
face a broad range of fines and 
criminal charges if they allow 
terrorists — or any of thou- 


awareness that 


sands of other individuals cur- 
rently on government security 
watch lists — to conduct finan- 
cial or international trade 
transactions. And companies 
are equipping themselves with 
technology to prevent that 
from happening. 

The driving force is long- 
standing regulations put in 
place by the U.S. Treasury De- 
partment’s Office of Foreign 
Asset Control (OFAC), which 
enforces economic and trade 
sanctions against targeted for- 
eign countries, organizations 
that sponsor terrorism and in- 
ternational narcotics traffick- 
ers. The OFAC requires banks, 
securities companies, export 
firms and tourism businesses 
to report within 10 days all ille- 
gal or suspicious transactions 
involving any one of thousands 
of so-called Specially Desig- 
nated Nationals currently on 
OFAC and other government 
watch lists. 

Those regulations, along 
with an executive order signed 
Sept. 23 by President Bush that 
freezes the assets of an addi- 
tional two-dozen individuals 
and groups as part of the new 
war on terrorism, are prompt- 
ing companies to ensure that 
they have all of the automated 
tools they need to prevent ilie- 
gal transactions from slipping 
through the cracks. 


Heightened Concerns 

“This is really the first time 
that this mandate is being 
driven home,” said Chuck 
Schardong, product manager 
at Innovative Systems Inc., a 
Pittsburgh-based firm that de- 
velops OFAC compliance soft- 
ware for banks and other com- 
panies. Within a few days of 





the Sept. ll terrorist attacks, 
customers began contacting 
Innovative Systems for up- 
grades and information on the 
FBI’s hijacker list, he said. 
“There definitely has been 


an upswing in the number of 


calls we’ve received since Sept. 
ll,” said Dave Leverenz, senior 
product manager for the risk- 
reduction product line at 
Thomson Financial Publishing 
in Skokie, Ill. A few years ago, 
“didn’t 
even know what OFAC stood 


most organizations 
for,” he said. 

For large companies that 
process hundreds or thousands 
of transactions per day, using 
automated rather 
than a manual one could mean 
substantially lower fines if ille- 
gal transactions are missed but 
later discovered by auditors. 


an system 


Several financial institutions 
contacted last week declined 
to comment, citing increased 
security concerns. However, 
one risk manager at a major 
bank in the Southwest ac- 
knowledged that manual sys- 
tems are still being used at 
his bank. 

“Any bank processing 75 to 
100 wire transfers a day needs 
and probably already uses an 
automated system,” said Lev- 
erenz. Larger banks typically 
process thousands of transac- 
tions per second. 

In the banking industry, most 
OFAC violations are uncovered 
when one bank discovers and 
reports an illegal wire transfer 
that wasn’t caught by the send- 
ing bank. Banks and companies 
are required to report any ille- 
transaction that 


gal Passes 


IT Trade Show Schedules 


Impacted by Sept. Tl Attacks 


Travel concerns ground many industry events 


BY LINDA ROSENCRANCE 
Concerns about travel and se- 
curity in the wake of the Sept. 
ll terrorists attacks on the U.S. 
have caused many upcoming 
IT-related trade shows to be 
postponed or canceled. 

“This is the worst we've ever 
seen,” said Michael Hughes, 
research director at Tradeshow 
Week, a Los Angeles-based 
trade show publication. “About 
45% of major trade shows in all 
industries, including IT, are 
being canceled or postponed.” 

Hughes said shows aren't be- 
ing held for several reasons. 
Some of them were originally 
scheduled to take place soon 
after the date of the attacks, but 
Americans were still reeling 
from the news and didn’t feel it 


was Safe to travel, he said. Com- 
panies have also been con- 
cerned about shipping freight 
because of the increased cost 
of beefed-up security in re- 
sponse to the disaster. 

“People are still dealing with 
grief” and remain concerned 
about air travel and _ safety, 
Hughes said. 

Karen Jagoda, president of 
Baltimore-based Turtlesnap 
Ventures Inc., decided to post- 
pone an investment sympo- 
sium called Global Trends in 
Technology Development that 
was scheduled to open last 
week in Washington. 

“[Some] of our key speakers 
and participants felt they could 
not attend at this time because 
of concerns over international 


Factoring In 
The OFAC 


Questions asked by regulators 
and auditors: 

= Does the ins 

procedures in place for ¢ 

OFAC laws and regulations? 

# Does the ins 

sting of proh 

ndividuals 


sisthe OFAC information disseminated t 


offices in foreign countries? 


@ Are new accounts 
OFAC listings prior to 


@ Are established accounts regularly 
pared with current OFAC listings 


through a trading partner’s sys- 
tem, said industry experts. 

“It can create an entire chain 
of responsibility,” said Schar- 
dong. 


That chain of responsibility 


travel and security,” Jagoda 


said. “We received a number of 


e-mails from speakers and at- 
tendees saying they were con- 
cerned about their safety.” 


Staying the Course 

Still, despite the many can- 
cellations and postponements, 
some trade shows are being 
held as scheduled. 

Kim Myhre, president of IT 
marketplace Comdex, which is 
presented by 
based Key3Media Events Inc., 
said Comdex/Fall 2001 in Las 
Vegas will go on as planned 
from Nov. 12-16. 

“While our thoughts as fami- 
ly members and businesspeo- 
ple have been focused on the 
well-being of our fellow Amer- 
icans, we decided we need to 
get back to work,” Myhre said. 
“We haven’t had any major 
cancellations, and all our 
keynote speakers have con- 
firmed. This is a little bit of un- 
charted territory, and anything 
can happen, but we're going 
ahead as planned.” 

Many IT professionals say 
they’re still planning to attend 


Los Angeles- 


| 
| 
| 
| 


may also be expanded world 
wide and could have a signifi- 
cant impact on global business 
practices, said Kathy Little, co 
the 
international 


chairwoman of 
ment and prac- 
tice group at Washington law 
firm Vinson and Elkins LLP. 
President Bush may take ad 


govern- 


ditional steps such as placing 
banks 
and companies that refuse to 
help the U.S. locate the finan 


sanctions on foreign 


cial assets of terrorist groups, 
Little noted. 

Other industry experts fore- 
see OFAC regulations being 
expanded to other industries, 
such as the airline industry. “I 
see no reason why flight mani- 
fests shouldn't be compared 
against these lists,” said 
Schardong. 

“Prior to Sept. ll, most finan- 
cial institutions saw the regu 
lations as a burden,” said Greg 
Kessler, a product manager at 
Bridger Systems Inc., a Boze- 
man, Mont.-based developer of 
OFAC 
“Now they’re seeing it as a way 
to combat terrorism.” D 


management software. 


trade shows and conferences 


because it’s important 
than ever for them to meet and 
share information. 

Ann Marie Horcher, a senior 


specialist in electronic work- 


more 


place services at Dow Corning 
Corp. in Midland, Mich., said 
she still plans to attend this 
week’s Momentum 200], a 
worldwide user conference be- 
ing held by Pleasanton, Calif.- 
based content management 
provider 
Dow Corning has canceled all 


Documentum Inc. 
company travel that isn’t cru- 
cial for business for the time 
being for 
Horcher added. 

“There 
we're planning to go. One is 
that we had other travel op- 
tions — we're going to drive,” 
said Horcher, a speaker at the 
event. “And also because I 
need to know what direction 
my vendors are going in for 
next year.” D 


security reasons, 


are two reasons 


For a list of all 
canceled and 
postponed shows. 
visit our Web site 
www.computerworld.com/q?q5010 





10 


NEWS 


LIS Is as Secure as Other Web 
Servers, Claims Microsoft 


Company responds to Gartner’s advice 
that users should consider alternatives 


BY JAIKUMAR VIJAYAN 
ICROSOFT says 
its Internet In 
formation Serv 
er (IIS) is as se- 
cure as compa 

rable products from other ven 

dors. The company made the 
assertion in response to a re- 
cent Gartner Inc. recommen 
dation that enterprises con 
sider alternatives to IIS if they 
had been hit by both the Code 

Red and Nimda worms. 

According to the Gartner 
advisory, the success of the 

Nimda worm and of Code Red 

before that “highlights the risk 

of using IIS the effort 
involved in keeping up with 


and 


Microsoft's frequent security 
patches.” 

Stamford, Conn.-based Gart- 
ner’s advisory issued in 
the wake of the recent attack 
by the mass-mailing Nimda 


worm that infected systems 


was 


running Microsoft Windows 
95, 98, ME, NT and 2000. 
Unlike 


viruses, Nimda spread via net 


other worms and 
work-based e-mail, as well as 
by Web browsers, and it ex 
ploited back doors left open by 
previous viruses such as Code 
Red and Sadmind 

When Nimda hit, Microsoft 
advised installing patches and 
service packs on virtually every 
PC and server running Internet 
Explorer, IIS Web servers or 
the Outlook 
client, just as 


e-mail 
it had done with 


Express 


Code Red, said John Pescatore, 


a Gartner analyst and author of 


the advisory. 

This constant patching and 
maintaining has resulted in a 
high cost of ownership for IIS. 
As a result, Pescatore recom- 
mended that enterprises that 
had been hit by both Nimda 
and Code Red look at alterna- 
tives such as Sun Microsys- 
iPlanet and the 


tems Inc.’s 


Apache Web server software 
“The Gartner recommenda 

the fact that 

is an industrywide 


tion overlooks 
security 
challenge and that serious vul 
nerabilities have been found 
in all Web server products and 


platforms,” said a Microsoft 


spokesman. “It is a folly to be 
lieve that if you switch from 
one product to another, you 
are protected. 

‘Those customers that in 
stalled all the [recommended] 
patches were protected from 
Nimda,” the spokesman said 

But the Gartner recommen 
dation seems to be resonating 
with at least some users 

Palo Alto, Calif.-based Fen- 


wick & West LLP plans to mi 


Beefed-up security after the Code Red worm and the availability 
of a cumulative patch from Microsoft has improved the security 


of ITS servers. 


Vulnerability of IIS sites this year vs. last year: 
SS Se ee 


Administration pages accessible 
Cross-site scripting 
Server paths revealed 


Viewing script source code 


27.38% 
80.95% 
50.60% 
19.64% 


10.26% 
19.23% 
6.41% 
3.85% 


grate from its IIS servers to a 
Linux operating environment 
running Apache’s Web server 
software because of security 
concerns 

Financial considerations are 
also driving the move it’s 
cheaper to run Apache on 
Linux than it is to run IIS, said 
Matt Kesner, chief technical 
officer at the law firm. 

Fenwick & West escaped be- 
ing hit by last week’s Nimda 
virus. But the experience of 
dealing with a previous IIS- 
related vulnerability and the 
continuous effort needed to 
keep IIS secure were bother- 
some, Kesner said. 

Moving to Apache is going 
to be difficult, and it will offer 
less functionality than IIS, pre- 
dicted Kesner. Even so, he said, 
“we think [Apache] is going to 
be a smaller target.” 

Because of security con- 
cerns, Planogramming Solu- 
tions Inc., a space-management 


company in Jacksonville, Fla., 


Government Boosts Technology Research 


gorithms extensively in opti 


Projects may help 
private-sector IT 


BY PATRICK THIBODEAU 
The Bush administration has 
significantly increased spend- 
ing for IT 
awarding $156 million in grants 
that 
may ultimately help corporate 


research projects, 


last week to seed ideas 
IT organizations. 

One such project, which re- 
ceived $5.5 million from the 
National 
(NSF), is intended to reduce 


the typical 10- to 30-year span 


Science Foundation 


before new algorithms find 
their into applications, 
according to Guy Blelloch, a 
computer science professor at 
Carnegie Mellon University in 
Pittsburgh. Businesses use al- 


way 


mization, for purposes such 
as developing efficient sched 
uling of airline flights and 
trucking routes. 

“The smarter the algorithm, 
the better you the 


schedules,” said Blelloch. 


can get 
But there’s currently a dis 
connect between application 
developers and algorithm re- 
searchers, said Blelloch, who's 
heading the project. “It’s really 
a communications gap,” he said. 
A large part of the grant is 
aimed at bringing researchers 
and application developers to- 
gether through such activities 
as workshops. 

The NSF, a federal agency 
that funds basic scientific re- 
search, awarded $90 million in 
IT research last year. The Bush 
administration has made tech- 
nology research a priority. 


“Our objective is to support 
the development of software 
and IT services that will help 
scientists and engineers make 
the kinds of discoveries that 
will eventually be applied by 
industry,” said Rita Colwell, 
director of the NSF. 

One of the larger awards — 


Role of the NSF 


The National Science Foun- 
dation is a federal agency 
that funds basic scientific 
research that’s too risky and 
expensive for companies. 

» The NSF this year re- 
ceived more than 2,000 


proposals for funding. 
It awarded 309. 


sneeveeeeeenmeccneneeasensnenescenpenneennanesnenenaens 


»The NSF hopes to award 
$217 million next year. 


COMPUTERWORLD October 1, 2001 


is moving to a Linux/Apache 
environment, even though it’s 
more difficult to set up than 
IIS, said Pat Quick, an informa- 
tion systems specialist at the 
company. 

“I know that Windows, Of- 
fice and many other packages 
are very popular and have a 
wide reach that makes them 
the target to get to. But to be 
the biggest should carry some 
responsibility to be the best. 
This is, sadly, not the case,” 
Quick wrote in an e-mail to 
Computerworld. 

Not everybody shared the 
same sentiments, though. 
Microsoft 


responded well in every case” 


“To be fair, has 


where its software has been 
attacked, said a user at a large 
Seattle-based who 
requested anonymity. 

“Why would you move to 
[Linux] with effectively no 


company 


support, running a Web serv- 
er that doesn’t have as much 
functionality [as IIS]? There’s 
a hidden cost of ownership in 
that model as well,” he said. D 


Quick TURGerGee” 
I me to our Security 


Knowledge Center 


www.computerworld.com/q?k1600 


approximately $7.5 million — is 
to fund an ongoing project at 
the University of California, 
Berkeley. That project is de- 
signed to create a broad-based 
computer network that would, 
among other things, use sen- 
sors to optimize automobile 
traffic flow and provide real- 
time information on the condi- 
tions of roads, bridges and 
buildings after an earthquake. 
Another Carnegie Mellon 
project that NSF 
money — in this case, a $1 mil- 


received 


lion grant over two years — 
aims to develop new ways to 
verify the reliability of embed- 
ded systems. 

“Obviously, the reliability of 
such systems is extremely im- 
portant,” said Edmund Clarke, 
a professor of computer sci- 
ence and lead investigator at 
Carnegie Mellon. The goal of 
the research is to verify the re- 
liability of software and hard- 
ware used in such systems as 
they are designed, he said. D 









Cisco Certified Partners. 





As obsessed with customers 
Fe 


Fa 


oN 


YOUR CISCO CERTIFIED PARTNER W 

CUSTOMER SATISFACTION —| cisco.com/go/certifiedpartner | 
SERVICES AND SOLUTIONS cata : 
Sasol ay ae toa 


Implementing new technologies and getting it done right the first time is 
now more critical than ever. To this end, customer satisfaction is a major 
focus of the Cisco Certified Partner Program. Each Gold, Silver and Premier Cisco Systems 


Certified Partner has access to the same tools Cisco uses to track customer satisfaction and pinpoint areas of 


improvement. This obsession with satisfying customers goes beyond reselling hardware. Cisco Certified Partners 


also provide consulting, professional services, systems integration, resale and support. So you can maximize the return 


on your network investment. To learn more or to locate the partner right for you, visit cisco.com/go/certifiedpartner 





12 


NEWS 


Fidelity Makes Big 
XML Conversion 


Retrofit of legacy data leads to massive 
reduction in hardware, proprietary code 


BY LUCAS MEARIAN 
HIS MONTH, Fideli- 
ty Investments ex- 
pects to complete 
a retrofit of its cor 
porate data to an 

XML format in an effort that 

has already allowed it to gut a 

hard- 

databases 


significant amount of 
ware, proprietary 
and Web and transactional 
protocols. the 


project is the largest of its kind 


Analysts say 


and estimate that it could cost 
the investment firm 
millions of dollars. 
“When looking at the multi- 
tude of data required to be 
made XML-compatible within 
an institution the size of Fideli- 
ty, it’s 
Sarah Ablett, a research ana- 
lyst at Meridien Research Inc. 
in Newton, Mass. 
Two ago, 
started looking for a 


mind-boggling,” said 


Fidelity 
way to 


years 


simplify communications be- 
tween consumer Web applica- 
tions and back-end 
During the past decade, the 
mutual funds 


systems. 


Boston-based 


giant had installed a plethora of 


proprietary messaging formats, 
remote procedure calls, inter- 
faces and commercial middle- 
ware applications, such as 
Sybase EnterpriseConnect. 

By using XML as its core 
communications connection 
to translate data among its 
Web site, its Unix and Win- 
dows NT servers and its back 
office mainframes, Fidelity was 
able to eliminate 
translation protocols and mes- 
sage buffers and 75 of its 85 
midtier servers. 

Bill Stangel, XML _ team 
leader and an enterprise archi- 
tect at Fidelity, said a common 
language has also allowed the 
managers to 
who 


company’s IT 
redeploy programmers, 
were tied up writing inter- 


tens of 


a glut of 


faces, to work on more impor- 
tant The 
conversion im- 
prove time to market for appli- 


business functions. 


should also 
cations, he said 

“It’s simplified our environ- 
significantly,” Stangel 
said. “Instead of us having to 


ment 


invent our own messaging, we 
can now use XML as the com- 
mon language. We can buy a 
book on it and give it to our 
programmers and say, “You can 
use this instead of inventing a 
new interface.’ ” 

Getting the project off the 
ground was difficult, said Stan- 
gel, “but once the culture 
kicked in, we didn’t have to 
explain why XML is 
thing. 


a good 


Siebel Readies 


Some users cautious 
about upgrading 


BY MARC L. SONGINI 
At its annual user conference 
this week in Chicago, Siebel 
Systems Inc. is expected to 
showcase a fully Web-architec- 
tural version of its flagship 
customer relationship man- 
agement (CRM) software. 
Users and analysts said the 
Siebel 7 technology will take 
the Siebel 
Worldwide Week 2001 
conference. Siebel officials 
couldn’t be reached for com- 
ment last week, but the San 
Mateo, Calif.-based vendor has 
said that the new release won't 
require 
and will add several features 
that aren’t available in its cur- 
rent Siebel 2000 suite. 
While some Siebel 


center stage at 


User 


client-level software 


users 


“People picked up on it and 


realized if we can reduce the | 


complexity of our systems, we 
can have a real [competitive] 
advantage,” he said. 

While it’s 
financial services firms to de- 
velop XML formats for future 
current 
it’s somewhat rare for a com- 


not unusual for 


or even information, 


pany to spend the amount of 


money Fidelity is believed to 


have invested to retrofit all of 


its internal information, said 
Neal Goldman, an analyst at 
The Yankee Group in Boston. 

Fidelity officials declined to 
comment on the specific costs 
or savings associated with the 
project. 

Several XML standards com- 
pete in the financial services 
industry, including Financial 
Information Exchange (FIX), a 


protocol used by a group of 


asset management and broker- 


the real-time 
exchange of securities transac- 


tions. Currently, FIX develop- 


firms for 


age 


ers must write application-level 
code to validate the structure 
of FIX messages. 

Instead of going with one of 
several proposed XMI 
dards, Fidelity settled on its 
own proprietary 
XML because of 
adoption of the technology 
and the fit with its investment 
business 

As Fidelity looks to convert 
its external systems to XML, 
Stangel said, the firm will con- 
sider evolving standards such 


stan- 


version of 
the early 


COMPUTERWORLD October 1, 2001 


as FIXML for FIX messages or 
RIXML, which makes it easier 
for investors to share informa- 
tion about companies. 

“Our work upfront has put 
us in a good position to now 
take advantage of these next- 
generation [XML standards] as 
we move forward,” Stangel 
said. “We probably won’t move 
to one of the tag standards, like 
ebXML. That fit our 
business. But we will take ad- 
vantage of the next part of that 
schema structures 
and those types of things, in- 


doesn’t 


protocol, 


stead of us having to invent 
those components.” D 


Addition by Subtraction 


Here’s the upshot to Fidelity’s XML conversion project: 


» Programmers now have to learn only one language instead of many propri- 


etary languages. 


> Programmers busy writing interfaces can now focus on business functions. 


> Cuts out 75 of 85 midtier servers. 


> Cuts many proprietary translation protocols and message buffers 
between Fidelity's Web and back-end systems 


> Improves the company's time to market for applications. 


Note: Fidelity said it expected to spend $2.3 billion on technology this year. That figure includes 
$350 million for Internet development, a 35% increase over last year 


Web-Based CRM Suite 


said last week that they see 


the potential advantages of 


upgrading their CRM systems 
to Siebel 7, they also expressed 
a degree of caution about mak- 
ing the move. 

Just how the version 
will with back-end 
systems and other business ap- 


new 
integrate 


plications is of particular inter- 
est to Greg Augustine, director 
of e-commerce at TidalWire 
Inc., a Westboro, Mass.-based 
maker of storage hardware. 
TidalWire uses the Siebel 2000 
sales application to handle ac- 
count management, customer 
leads and other functions. 
Augustine said there would 
be benefits to using the new 
release, such as easier mainte- 
nance for IT workers and the 
availability of enhanced re- 
porting tools for end users who 
want to review customer 
records. But there are 
“costs associated with migrat- 


also 


ing from one version to anoth- 
er,” he added. “And this is a ma- 
jor upgrade, so we'll be doing 
lots of changes.” For example, 
he said, changes in business 
processes would be needed. 

It’s likely that Siebel will 
offer special upgrade pro- 
grams and technical help in an 
effort to migrate Siebel 2000 
client/server customers to the 
new Web-based architecture, 
said Erin Kinikin, an analyst at 
Giga Information Group Inc. in 
Cambridge, Mass. 

But companies should do 
their usual due diligence and 
not be too hasty to jump to 
no matter how hard 
the vendor pushes the product, 
Kinikin said. Users “need to be 
cautious ... before kicking off 
large Web CRM deployment 
projects,” she said. 

Another user who’s looking 
at Siebel 7 is Ken Casey, vice 
president of operations at Al- 


Siebel 7, 


‘Qui 


berta Treasury Branches, an 
Edmonton, Alberta-based bank 
that live with a Siebel 
2000 call center application for 
the financial industry in July. 
The bank now wants to roll 
out the call center package to 
its branch offices but is looking 
to avoid the cost of installing 
client software on every desk- 
top, Casey said. Instead, the 
company hopes to rely on a 
that 
browser-based access to the 
application for remote users. 
“We decided the next level 
of the rollout wouldn’t have 
the same thick-client technolo- 
gy [as the initial project re- 
quired],” Casey said. He said 
he’s also interested in a new 
bank-teller application that’s 
supposed to be part of Siebel 7. 
The bank is leaning toward 
upgrading but hasn’t made 
definite plans to do so. D 


went 


central server offers 


For access to 
additional resources 
online, visit our CRM 
Knowledge Center 


k 
Link 


www.computerworld.com/q?k1300 





I'm not just another pretty face. I'm a better way of doing things. 


| am Dell. Simplifying the way the world buys and manages technology, one customer at a time. 
By all appearances, | am a server. But take a closer look, and you'll see | am more than that 


| am a direct relationship, free of middlemen 


2 every day. The part you'll be looking at when you realize that what you really 
bought was a better way of doing things. Find out what customers and analysts are saying about Dell 


at dell.com/enterprise3 


Easy as DS@LL 


Call 1-877-430-DELL or visit www.dell.com/enterprise3 





Exodus Files for 
Bankruptcy Protection 


Web hosting firm Exodus Communi- 
cations Inc. filed for Chapter 11 
bankruptcy protection following a 
series of losses, layoffs and man- 
agement shake-ups. But the Santa 
Clara, Calif.-based company said it 
will continue operating, using $200 
million in new debtor-in-possession 
financing from General Electric 
Capital Corp. in Stamford, Conn. 


Six More States Call 
For Antitrust Remedy 


Six states that aren’t taking part in 
the U.S. government's antitrust 
case against Microsoft Corp. re- 
leased an open letter calling on the 
software vendor “to remedy the 
antitrust problems that are now evi- 
dent.” The letter also raised anti- 
trust-related concerns about Micro- 
soft’s new Windows XP operating 
system. 


Ariba Rolls Out B2B 
Product-Sourcing App 


Ariba Inc. announced a new busi- 
ness-to-business application that 
includes automated contract man- 
agement, supplier negotiation and 
spending analysis features for buy- 
ing products and services. 

Unlike the Sunnyvale, Calif.- 
based company’s earlier sourcing 
products, the Ariba Enterprise 
Sourcing software can be installed 
internally in addition to being run in 
hosted setups. 


Short Takes 


APPLE COMPUTER INC. announced 
an upgrade of its Mac OS X operat- 
ing system designed to address per- 
formance problems and other short- 
comings in the product's first re- 
lease, which shipped in March. . . . 
WORLDCOM INC. is buying some of 
the assets of bankrupt Digital Sub- 
scriber Line service provider 
RHYTHMS NETCONNECTIONS INC. 
in Englewood, Col., for $40 million. 


Continued from page 1 


Boeing 


get on with the business at 
hand?’” 

One possible answer: real- 
time monitoring of whai is go- 
ing on in the passenger cabins 
of commercial aircraft. 

Condit said Connexion by 
Boeing, a broadband satellite 
connection service _ initially 
aimed at bringing Internet ac- 
cess and video to passengers in 
flight, could also be used to 
send images from aircraft to 
ground stations. 

Boeing spokesman Terrance 
Scott said that although the 
Connexion system is still un- 
der development, it has been 
deployed in ll private business 
and government jets, including 
the Boeing 737 corporate jet 
used by Condit. Boeing also 
has a special 737 set up to pro 
vide ongoing development of 
the Connexion platform, Scott 
said. 

Several including 
American Airlines Inc., United 
Air Lines Inc. and Delta Air 
Lines Inc., have said they will 


carriers, 


deploy the Internet access and 
video system, although those 
plans were announced before 
the terrorist attacks. The idea 
of the system being modified 
so it can transmit images from 
an aircraft to the ground is a 
new initiative that Boeing is 
exploring. 


A General Trend 

Aerospace analyst Mike Bur- 
kett at AMR Research Ince. in 
Boston said the concept of re- 
mote monitoring of an aircraft 
in real time “seems to make 
perfect sense” from a security 
standpoint. “Remote monitor- 
ing is a general trend in IT,” he 
noted. 

According to Scott, the 
throughput speed from satel- 
lites to an 20M 
bit/sec., and 1.5M bit/sec. in the 
other direction. If a security or 
mechanical emergency were to 
arise, bandwidth could be 
shifted to accommodate the 
situation, Burkett said. 

Condit said Boeing has pro- 
posed a different type of satel- 
lite-based air traffic manage- 


aircraft is 


NEWS 


ment that views multiple air- 
craft as components in a single 
system. “It better 
flows and fewer holes [than ex 
isting systems],” he said. 


has data 


As for the job cuts Boeing 
has already announced, Condit 
affirmed the company’s deci- 
sion to lay off approximately 
30,000 employees during the 
coming months. 

“Flying has decreased dra- 
matically,” he said. “Building 
airliners 


commercial doesn't 


make sense unless airlines 


need them.” 


Continued from page 1 


Projects 


at a cost of $150 million. IBM 
was to provide the technology 
for the kiosks and handle the 
installation. 

Last week, United spokes 
Chris Nardella 
those plans “are on hold now,” 
though she added that an un- 
determined number of kiosks 
have been installed and contin- 


woman said 


ue to function in Chicago 
O'Hare International, Los An- 
International and San 
Diego International airports. 
Nardella said United hasn't 
yet decided whether it will in- 
stall kiosks what 
changes, if any, will be made to 


geles 


more and 
them to ensure security. 

The kiosks were intended to 
speed check-in for travelers 
with e-tickets, who can insert a 
United frequent-flier card or 
major credit card for identifi- 
cation and get back a printed 
boarding Now, United 
will have agents at the security 
checkpoints to double-check 
that the name on the ticket 
matches the photo ID of the 
ticketholder, Nardella said. 

By and large, the Federal 
Aviation Administration is 
leaving these kinds of security 
details to the discretion of in- 
dividual airlines, and there are 


pass. 


no plans to prohibit the use of 


kiosks for travelers, said an 
FAA spokesman. “The impor- 
tant thing to us is that people 
have the proper documents to 
get through the 
checkpoints,” he said. 
IBM has contracted 


screener 


with 


But most Boeing IT workers 
won't have to worry, according 
to Judith Muhlberg, the com- 
pany’s vice president of com- 
munications. She said the lay- 
offs, most of which will be 
made in the aerospace giant’s 
commercial aircraft operating 
unit, “will insig- 
nificant impact on Boeing IT 


have an 


personnel. 

“Boeing is still hiring IT peo- 
ple,” Muhlberg said. “Those 
{IT personnel] affected will 
likely be transferred to other 
Boeing divisions.” D 


several airlines to install self- 
kiosks. US Airways 
Inc., British Airways 
PLC and Air Canada have all 
signed deals with IBM, as did 
Ansett Airport in Sydney, Aus- 
tralia, and Inchon Internation- 
al Airport in South Korea. 
Kiosks aren’t the only tech- 
nology that could be affected 
by new guidelines. “The entire 
airline industry evolved as an 
extension 
networks 


service 


Group 


of their electronic 
and the networks’ 
message structures and the 
quasi-automated e-commerce 
processes that evolved in and 
around them,” Richard 
Eastman, president of The 
Eastman Group Inc., an airline 
industry consulting firm in 
Newport Beach, Calif. “What 
Sept. ll has done, in my mind, 


said 


| AIRPORT KIOSKS LIKE this one 
| from United are already in use, 


but their future is in doubt. 





COMPUTERWORLD October 1, 2001 


BOEING CEO CONDIT: Broadband 
could increase aircraft security. 


is open some doors to a new 
architecture model.” 

For starters, he said, reserva- 
tion systems aren’t set up to 
trigger an alarm if, for example, 
a large number of passengers 
don’t show up for a flight or if 
a handful of passengers buy 
last-minute tickets at full fare. 
They are only inventories, not 
relational databases, and they 
can’t do event-based functions, 
he said. 

For its part, IBM doesn’t 
have any specifics on how the 
new security guidelines will 
impact its various contracts 
with the airlines. “We’re work- 
ing with our customers, [but] 
it’s hard to be more specific,” 
said IBM spokeswoman Linda 
Hanson. “Obviously, there is 
some refocusing.” 

Robert Denahy, director of 
marketing for mobile printing 
at Zebra Technologies Corp. in 
Vernon Hills, Ill., said he sees a 
need to refocus his company’s 
mobile printing technology 
that’s used for curbside check- 
in and by roving agents to 
check baggage. For now, De- 
nahy isn’t sure if Zebra’s label- 
ing technology will help with 
airport security or need to be 
retooled to support more so- 
phisticated security practices. 

“A lot of these changes and a 
lot of these issues are uncer- 
tain,” Denahy said. For exam- 
ple, Zebra’s mobile printers 
could link baggage to passen- 
gers and their identification 
with the bar-code technology 
already in use. Zebra might 
also have to consider embed- 
ding biometrics into the bar- 
code information on baggage 
and boarding passes, he said. D 





You're right, Dell doesn’t have one service person with all the answers. 
There are thousands more where Carl came from. 


Dell | Enterprise 


| am Dell Enterprise. PowerEdge™ servers, PowerVault™ storage, infrastructure software, and Premier Enterprise Services. 


J} 


And | am backed by thousands of service and support people: on-site, online and on the phone. Each able t 


of pointing fingers. Surprised? You shouldn't be. Because when Dell builds your custom Intel” processor-based 


Dell also builds a total knowledge base. From configs to upgrades to service, Dell puts your entire history at y 


24/7. All it takes is one walk down the hall, one e-mail or one phone call to start ans 


Speed deployment. And cut costs 


That's why Dell is ranked #1 in customer satisfaction for Intel” processor-based servers” Tc 


are saying about Dell Enterprise, visit us at dell.com/enterprise3 


Wi 


Total accountability. On-site, or 


ne, on the phone. Easy as DLL 


Call 1-877-430-DELL or visit www.dell.com/enterprise3 











Ort eawe omy ome CORe nti iitem OReCOR Velie Lam aca 
is, 98 out of the FORTUNE 100 count on business 
intelligence solutions from SAS to explore infor- 
mation, better MMe Cntcanr supplier 
relationships, predict behavior, and mere men 
opportunities. Today, SAS is leading the ernie 
in bringing this same level of intelligence to the 
world of e-business. With e-Intelligence from 
SAS, you can capture, analyze and react to data 
gathered at any point of contact. And then just as 
quickly disseminate new findings to anywhere 
they’re needed across your extended enterprise. 
To get the answers you're searching for, call us 


today at 1-800-727-0025 or stop by www.sas.com. 





The Power to Know. ¢ i sre NS) 





COMPUTERWORLD October 1, 2001 


‘NEWS 


Feds Build SANs to Handle 


Increasing User Demands 


Government agencies are forced to centralize 
servers as they attempt to meet growing needs 


BY LUCAS MEARIAN 
NGOING PROJECTS at two 
federal agencies illustrate 
the public and private 
sectors’ increasing need 
for storage-area networks 

(SAN) in response to growing demands 

from end users and customers for ac- 

cess to information. 

Two weeks ago, the U.S. Geological 
Survey (USGS) got an upgrade to the 
SAN behind its Web site. The SAN, 
hosted by Microsoft Corp. and known 
as TerraServer, had its capacity 
bumped from 12TB to 18TB to better 


serve an audience that makes more | 


than 5 million imagery requests per day. 


Each time the site is publicized on | 


How It Works 


television or in print, the number of vis- 
itors skyrockets. On top of that, a new 
Web site was added to the TerraServer 
to give federal agencies exclusive use of 
the data to create presentations. 

The USGS’s Web site, which can dis- 
play more than 3 million satellite photos 
of Earth, is most often used by the gen- 
eral public and the U.S. Department of 


| “we were basically exploring how large 


Agriculture for the management of land | 


and other natural resources. 

The TerraServer project is a joint 
venture between the federal govern- 
ment and various IT vendors, including 
Microsoft, Compaq Computer Corp. 


and Redmond, Wash.-based Advanced | 
| the ability to move multiple terabytes 


Digital Information Corp. (ADIC). 


TerraServer uses three Microsoft 


The Microsoft TerraServer is at the back end of the U.S. Geological Survey’s Web 
site, which hosts more than 3 million satellite photos of Earth. One of the goals of 
TerraServer is to demonstrate that a highly available and scalable configuration 
can be built using commodity hardware running Microsoft software. 


Cisco 12000 
Internet router 


MA8000/ 
HSG80 
controllers 
(3) 
Compaq 
SAN switch 
supplied by Brocade 
Communications 


ADIC Scalar 
1000 LTO 


tape library 


Compaq 
DL360 (4) 
(Windows 
2000 Web 
servers) 


Compaq 
DL360 (6) 
(Windows 
2000 Web 
servers) 
www. ferraserver. 
microsoft.com 


Compag ProLiant 


8500 four-node 


TerraServer SAN 


active/passive database 
cluster (Windows 2000 


Data Center Edition) 


SQL Server databases, four Compaq 
ProLiant 8500 servers, one Compag En- 


terprise Storage Array 12000 and 12 | 


16-port SilkWorm 2800 switches from 
Brocade Communications Systems Inc. 


to store aerial and satellite images of 


Earth and to provide the information 
publicly on the Internet. 
When the project first started in 1997, 


we could grow a single server,” said 


Tom Barclay, TerraServer project man- 


ager at Microsoft. 


The project grew from that single | 


server into a 25-ft.-long computer with 


eight racks of equipment. Then disk ca- | 


pacity topped out, and the USGS decid- 
ed that it wanted its data to be available 
via the Web around the clock. 

The need for multiple servers in an 
active configuration — combined with 


of data from one server to another — | 


“was the motivation to move to cluster- 
ing,” Barclay said. 


“On the Internet, predicting user | 


| load becomes so much more challeng- 


| ing,” he explained. Anyone who’s build- | 


ing an application “has to configure on 


| the high side for bandwidth, consider- 
| ing you can literally have every man, 


woman and child in the world standing 


outside your door.” 


| gy making federal inroads, the Federal | 
Deposit Insurance Corp. is in the midst | 


In another example of SAN technolo- 


| of atwo-year server consolidation proj- 
| ect aimed at pumping its data into two 


SANs so it can upgrade to Windows | 


| 2000 and make information available to 
| scores of field offices. 


The FDIC, the federal entity that in- | 
| sures customer deposits at 
| 10,000 U.S. banks, was faced with re- | 


almost 


| placing the hard drives in about 400 
| servers that it uses for internal opera- 


| 
| 


tions. It had been adding servers to sup- 
port data-intensive applications like 
Microsoft Exchange. 

“At the same time, we were also look- 
ing at budget considerations. We want- 
ed to consolidate servers and centralize 
them,” said Ann-Marie Haynie, a senior 
computer specialist at the FDIC in Ar- 
lington, Va. “If we have the servers cen- 
tralized, we can actually start clustering 
them more efficiently for redundancy 
and fail-over.” D 





SAS* helped 
NYE am ely) 
PSCC 
and save a 
MUL 
STM lal 


CUR Teel ade 


Get the whole story and 
Oia Ae TAL 


or call us at 1-800-727-0025. 


berets} 





18 NEWS ~ COMPUTERWORLD October 1, 2001 


3 
5 week, could hamstring the cel- | third-generation (3G) wireless 
reserves pera Ors pec rm Ig S lular telecommunications in- | use, are now considered invio- 


dustry’s search for spectrum in | lable, given the nation’s cur- 


BY BOB BREWIN | Inc. and Sprint Corp., as well as | accommodate new, high-speed | the near future. That’s because | rent defensive footing. 


The Federal Communications | educational institutions na- | mobile services. U.S. Department of Defense The cellular industry had a 
Commission has ruled that | tionwide, don’t have to give up | _ But the FCC decision, made | (DOD) frequencies, also under | sharp reaction to the FCC spec- 
companies such as WorldCom | their frequency spectrum to | Sept. 6 but announced last | consideration for commercial | trum decision. Tom Wheeler, 
president of the Cellular Tele- 
communications & Internet 
Association (CTIA) in Wash- 
ington, said the decision “does 
not help to address the contin- 
uing need for additional spec- 
| trum for the most spectrum- 
| contained carriers.” 

The FCC said in its ruling 
that it won’t force companies 
such as Sprint and WorldCom, 
which paid billions of dollars 
for licenses in the 2,500-to- 
2,690-MHz band, to move. 
The decision removes “regu- 
latory uncertainty” that had 
| stalled deployment of broad- 
band wireless services de- 
signed to bypass local tele- 
phone companies, said An- 
drew Kreig, president of the 
| Washington-based Wireless 
Communications Association 
International. 

Last year, the federal gov- 
ernment also targeted for 
potential 3G uses the 1,710-to- 
1,850-MHz band, which is used 
extensively by the DOD, and 
the CTIA has led a fierce lob- 
bying battle for those frequen- 
| cies. Any chance of the cellu- 
lar industry gaining access, 
however, has largely evaporat- 
| ed since the terrorist attacks 
| on Sept. ll, said analysts and 
former DOD officials. 

“No one is going to argue 
about DOD needing that spec- 
trum today, and I don’t think 
anyone wants to take away that 
spectrum now,” said John 
Hamre, deputy defense secre- 
tary under the Clinton admin- 
istration and now president 
and CEO of the Center for 
Strategic and _ International 
Studies in Washington. 

According to Craig Mathias, 
an analyst at Farpoint Group in 
Ashland, Mass., the ruling that 
walls off the 2,500-to-2,690- 
MHz band, combined with the 
political realities that will pre- 
vent any encroachment on the 
DOD’s 1,700-to-1,850-MHz band, 
means that the cellular indus- 
try “is up the creek” in its 
search for new spectrum to 
support 3G services. D 














COMPUTERWORLD October 1, 2001 


Intel Names CTO 


Intel Corp. last week tapped Patrick 
Gelsinger as its first companywide 
chief technology officer. Gelsinger 
will head the company’s new Corpo- 
rate Technology Group and will re- 
port directly to Intel President and 
CEO Craig Barrett. The group will 
provide research and technology 
direction across product lines and 
create industry specifications, stan- 
dards and technologies. 


VeriSign Buying 
liluminet For $1.28 


Digital trust services vendor 
VeriSign Inc. in Mountain View, 
Calif., is acquiring Lacey, Wash.- 
based Illuminet Holdings Inc. in a 
move to expand its offerings beyond 
the Internet. VeriSign said the ac- 
quisition will help it offer digital 
identification, transaction security 
and other services to Illuminet’s 
telecommunications customers. 


Gateway to Drop AMD 
For Intel Chips in PCs 


Sunnyvale, Calif.-based chip maker 
Advanced Micro Devices Inc. saw 
things go from bad to worse last 
week. On the same day the compa- 
ny announced it would lay off 2,300 
employees, PC vendor Gateway Inc. 
in San Diego said that once its cur- 
rent stock of AMD-based PCs is de- 
pleted, the company will standard- 
ize on Intel processors. 


Short Takes 


CISCO SYSTEMS INC. and San Ma- 
teo, Calif.-based E.PIPHANY INC. 
said they're bundling a variety of 
their software products in an effort 
to make customer contact centers 
smarter. . .. SAP AG said it’s creat- 
ing a unit to meet the consulting 
needs of multinational customers. 

. .5GI JAPAN LTD., the Japanese 
unit of SILICON GRAPHICS INC., 
signed an agreement with NEC 
CORP. that calls for more coopera- 
tion and a future capital tie-up be- 
tween the companies. 





NEWS 
| Sun Raises Stakes With 


2-Processor Server 


Release i improves position against IBM 


BY LEE COPELAND 
UN MICROSYSTEMS 
Inc. has added more 
horsepower to its Ul- 
traSPARC server line- 
up, a move analysts 


said bolsters its dominance of 


the Unix market and boosts the 
company’s competitive posi- 
tion against rival IBM. 

Sun launched its long-await- 
ed Sun Fire 15K, code-named 
Starcat, last week. Unlike its 
predecessor, the 64-bit Ultra- 
SPARC II ElOK machine, the 
Sun Fire 15K supports as many 
as 72 processors and 18 I/O 
hubs, company officials said. 


By substituting those I/O hubs | 


for CPUs, users can boost the 
server’s processing power to 
106 chips. 

The Sun Fire 15K offers new 
options to Sun’s customer 
base, said Steve Josselyn, an 
analyst at Framingham, Mass.- 
based IDC. 

“Customers had been wait- 
ing for quite some time for the 
UltraSPARC III chip, and this 
is the delivery of that. Having 
72 processors gives them addi- 
tional headroom,” he said. 

Ed Broderick, an analyst at 
Robert Frances Group Inc. in 
Westport, Conn., said the serv- 


| er will also help Sun compete 


for non-Unix customers, such 
as those with IBM’s RS/6000 
midrange servers and s390 
mainframes. 

“Sun is taking dead aim at 
IBM,” Broderick said. “This is a 
case of Sun getting more so- 
phisticated in its capabilities 
and maturing, and Sun is com- 
ing on like gangbusters.” 

The worldwide Unix server 
market reached $29 billion last 
year, according to IDC. Sun led 
the pack with a 35% market 
share, followed by Hewlett- 
Packard Co. with 23%, IBM 
with 18% and Compaq Com- 
puter Corp. with 8% 

But in the worldwide high- 
end server market, which in- 





cludes high-end Unix ma- 


| chines and mainframes and to- 


taled $12 billion last year, the 
leadership roles are reversed, 
IDC said. 


that market, followed by Sun 


with 18%, Compag and Tokyo- | 
based Fujitsu Ltd. with roughly | 


8% each and HP with 6%. 

The Sun Fire 
available in 
tions, ranging from a 16- 
processor model, which costs 


| about $1.4 million, to the 72- | 
| processor model, with a price 


tag of about $4 million, Sun of- 
ficials said. 
The new box, built by Dal- 


| mee based 


IBM holds 36% of | 


ISK will be | 
four configura- | 





Texas Instruments 
nc., also sports 900-MHz cop- 


pare chips and embedded | 


memory controllers. 

Sun’s Solaris 8 operating sys- 
tem is required for the new 
hardware. 

Sun has sold about 5,000 UI- 
traSPARC 
since March 1997 at an average 
price of $1 million each, said 


Clark Masters, vice president | 
and general manager of enter- | 


prise system products at Sun. 
While Sun hopes to maintain 


that sales track record with the | 
cau- | 
tioned that the high-end server | 


Sun Fire 15K, analysts 
market has slowed down this 
year. 

“It has certainly become a 


Microsoft Considers Joining 
New Liberty Alliance Piet 


Passport ID ID system 
might operate with 
open technology 


BY ASHLEE VANCE 
Microsoft Corp. will consider 
joining a newly formed coali- 
tion working on digital identity 
technology similar to its Pass- 
port system if coalition ven- 
dors, including rival Sun Mi- 
crosystems Inc., show a com- 
mitment to keeping the identi- 
ty platform open, said a Micro- 
soft official last week. 

Sun and about 30 other com- 
panies launched the Liberty 
Alliance Project on Sept. 26, 
hoping to lay the foundation 
for a new type of authentica- 
tion system that would allow 
user information, such as cred- 
it card numbers, to travel se- 
curely between Web sites. The 
system would be similar to Mi- 
crosoft’s Passport technology, 
saving users time by asking 
them te fill out name or credit 





| card fields on a Web site once 


and then having that informa- | 


tion pop up automatically on 


other sites that support the | 


technology. 
One of the differences be- 


| tween Microsoft’s system and 


that of the Liberty Alliance is 
where end users’ information 
would be stored. The alliance 
members would each store a 
user’s information on their 
own servers, with the informa- 
tion passing from vendor to 
vendor when the user moves 
to a new site. Microsoft, by 


contrast, stores all Passport in- | 


formation only on its servers. 


However, Microsoft said last | 


week it would consider letting 
a third party manage the data. 

Sun and others in the coali- 
tion suggested that Microsoft 
could become part of the al- 
liance, making Passport a sub- 
set of a digital identity stan- 
dard — an idea that Microsoft 
hasn’t dismissed and _ that 
could prevent conflicts be- 
tween the two systems. 


II E1OK machines | 


Starcat 
Powers Up 


The Sun Fire 15K includes the 
following features: 

@ 72-processor ¢ 
18 1/0 hubs 


yntiguration and 


& 106- process ssor capacity, if ac 
| CPUs get substituted for 1/0 ct 
@ 900-MHz copper-based chips 

embe' dde d memory c sontre olle 1S 


| wSi4n ‘ition starting price f or 16-proces 


sor configuration 
| @$4 million price tag for 72-processor 
configuration 


buyer’s market for any high- 
| end system,” Brian 
Richardson, an analyst at Meta 
Group Inc. in Stamford, Conn. 
“Last year and in 1999, it was 
still a seller’s market because 
of Y2k-driven Web-enabling of 
| legacy applications. IT budgets 
are tighter this year.” D 


said 


“If they are sincere [about an 
open platform], there’s proba- 
bly an opportunity 
work together here,” said Chris 
Payne, vice president of mar- 
keting for the services plat- 
form group at Microsoft. “I 
don’t see it as a competitive an- 
nouncement.” 

Sun and its partners seem 
amenable to having Microsoft 
and New York-based AOL 
Time Warner Inc. work togeth- 
er on the technology. Execu- 
tives from Sun, RealNetworks 
Inc. and Bank of America 
Corp. extended their invitation 
publicly to Microsoft and AOL 
Time Warner when the al- 
liance was launched. 

Microsoft had already taken 
a more open stance with Pass- 
port, saying it would work to 
make its system interoperate 
with competing technology 
more easily. 

Such openness could benefit 
users and vendors alike. 

“I think more and more peo- 
ple are now realizing that a 
unified user identity system is 
very useful,” said Dana Gard- 
ner, an analyst at Aberdeen 
Group Inc. in Boston. D 


for us to 


Vance writes for the IDG News 
| Service. 








NEWS 


PATRICIA KEEFE 


IT in the Crossfire 


HE SUMMER after the U.S. bombed Libya, I flew into France 
on business in a nearly empty plane and landed in laid-back 
Nice, where customs was nonexistent. It was a different sto- 
ry flying out of Paris. Soldiers with machine guns were 


everywhere, check-in was time-con- 
suming, suitcases were opened, elec- 
tronics were turned on, and random 
checks were frequent. In the packed 
terminal waiting area, Arab passen- 
gers were viewed with suspicion. A 
woman sitting behind me played a 
chilling game with her son: “You tell 
me who you think the terrorists are, 
and I'll tell you who I think they are.” 
On another business trip — this 
time to British Telecom in London - 
we were subjected to metal and gun- 


tered the BT building, even though we 
had been invited. Flying out of Heathrow was 
more of the same, only this time, I became the 
subjeci of random checks — so frequent I 
stopped putting my passport and ticket away. 
Now, as we gingerly begin to rebook travel, we 
all know the process of traveling is going to 
change in a big way. Much of this is good — air- 
line security in this country is a joke. 
But recent moves by law enforcement to gain 


unfettered access to data that is created, collected 


¢ ‘World 


PATRICIA KEEFE is news 
director at Computer- 
world. You can contact 
her at patricia_keefe@ 
computerworld.com 
powder searches every time we en- seeeeenereenenemeaa 


and stored electronically should wor- 
ry you. Whether it’s wiretapping, 
transaction or credit histories, e-mail 
logs or tracking clicks, IT is at the 
center of this debate. Remember the 
ethical debates over the e-mail police? 
Or the hue and cry that arise over any 
attempt to sell customer data collect- 
ed under the promise of privacy? 

If some policymakers have their 
way, anyone charged with collecting, 
storing or mining data or with admin- 
istration of e-mail lists and customer 
demographics could be asked to pro- 
duce that information at any time. And 
that’s the scary part, because America is what it is, 
and we are who we are, precisely because of our 
openness and many freedoms. If we trample civil 


liberties into the ground, then terrorism wins. 


This isn’t a time to lose our heads; it’s a time 
for reasoned discussion. Whether you find your- 
self on a development team creating the technical 
means or on the front end, controlling access to 
the data, speak up: You can help shape this policy. 
It’s now or never. DB 


COMPUTERWORLD October 1, 2001 


PIMM FOX 
Get Serious About 
Getting Prepared 


ENTION San Francisco, and 

people think earthquakes. They 

ask what we do to prepare for 
life on a fault line. Unfortunately, the an- 
swer is, “Not much.” 

In 10 years, San Francisco has never had a city- 
wide emergency drill, nor a corporate exercise for 
large-scale disasters, either for people, IT opera- 
tions or communications. 

This has to change. 

Many firms don’t have 
fire hoods, flashlights or 
light sticks as part of their 
standard emergency kits. 
Some don’t have floor war- 
dens trained in emergency 
procedures. 

Of course, obvious plans 
for IT involve backup of 
critical data off-site. 


PIMM FOX |S 
Computerworld'’s West 
Coast bureau chief. Con- 
tact him at pimm_fox@ 
computerworld.com. 


ar err cmaReBEETT 


“A large number of busi- 
nesses at the World Trade 
Center didn’t have off-site storage of critical busi- 
ness data,” says Neil Livingstone, chairman and 
CEO of GlobalOptions LLC, a risk-management 
firm in Washington. 

“You have to have appropriate data storage, and 
that means not having it in the same building,” 
Livingstone says. Even companies with sophisti- 
cated backup systems didn’t operate them ona 
nightly basis. “The Securities and Exchange Com- 
mission is confronting a situation in which some 
paper material had yet to be backed up,” he says. 

Similar to the paper strewn all over the blast 


| site in Manhattan, electrons from transactions 


taking place at the time of a disaster — bank 


| transfers en route — would be wiped out, unless 
| the operations had built-in redundancy. 


Another area for IT preparedness concerns lap- 


| tops. Knowing what's on laptops that get lost, 

| stolen or destroyed is critical to reconstructing 

| IT infrastructure. Many people keep information 
| without a backup to a secure (and redundant) 

| server. Backups to Orb or Zip drives don’t count. 


On a strategic level, companies need a crisis- 


| management plan that doesn’t sit on the shelf. 

| This plan should outline the duties and responsi- 
| bilities of employees, especially senior manage- 

| ment. It delineates who talks to the press, who 

| talks to customers and who is tasked with IT and 
| human resources responsibilities and lists key 


| e 
Quick For more Computerworld columnists and links to 


archives of previous columns, head to 
www.computerworld.com/q?q1000 


Link® 





COMPUTERWORLD October 1, 2001 


telephone numbers of emergency personnel. 

“A plan not tested is worse than useless,” says 
Livingstone. “It has to be tested to identify defi- 
ciencies, and senior management needs to take it 
seriously.” 

Even companies with IT operations in so-called 
safe havens will still do business where a disaster 
can strike and need to have recovery plans for the 
unsafe world around them. 

With U.S. military retaliation an ongoing op- 
tion, additional terrorist action is likely. Execu- 
tives who hesitate to prepare should ask, “What's 
the cost of losing the business?” 

We're all on a fault line now. B 


THORNTON MAY 
Info Security 
“Teachers’ Need 
More Learning 


LONGTIME editor of Scientific 

American recalls meeting a fa- 

mous movie critic. After intro- 
ducing themselves, the movie critic said 
she knew “absolutely nothing” about sci- 
ence. The editor responded, “Whatever became 
of the idea that an educated person is supposed to 
know a little something about everything?” 

It has become common knowledge that all 
stakeholders in the enterprise should “know a lit- 
tle something” about information security and 
privacy. The first two questions toward making 
our systems secure are, “How much do executives 
really need to know?” and, “How many companies 
have developed a ‘curricu- 
lum’ detailing what specif- 
ic business leaders, in spe- 
cific business roles, need 
to know?” In conjunction 
with scholars at Arizona 
State University’s College 
of Business, Guardent re- 
cently conducted a survey 
of 120 top-level executives. 
It turns out that less than 
10% have or manage a se- 
curity or privacy curricu- 
lum geared toward differ- 
ent information-handling 
responsibilities. 

Security professionals insist that better educa- 
tion of business executives is needed. They’re 
right, but while they think they should be the 
teachers, they really should be the students first. 
At first glance, writing down what must be 
known about security and privacy and who needs 
to know it appears to be pretty basic. But security 
and privacy professionals appear unable to put 


THORNTON MAY is 
corporate futurist and 
chief awareness officer 
at Guardent Inc. in 
Waltham, Mass. Contact 
him at thornton.may@ 
guardent.com. 


NEWS 


the security and privacy to-dos in the proper con- 
text for people who manage sensitive informa- 
tion. Why? Security people have never been 
known to distinguish themselves with dazzling 
feats of writing. Dostoevski and Tolstoy were 
pithy compared with contemporary security and 
privacy policy writers. So, the first lesson at secu- 
rity school should be basic writing skills. 

Then there’s the “bedside manner” of security 
and privacy professionals. They tend to be very 
good at telling us what’s wrong and what’s bro- 
ken, but most of them are mute when it comes to 
actually fixing the problem. Lesson two at securi- 
ty school: how to play constructively with others. 
Security experts have to stop being judge/jury, 
cop and start being therapist/counselor/creative 
problem-solver. 

Most security professionals would benefit from 
a bit of advice from journalists in the do’s and 
don'ts of telling a good story. Executives of the fu- 
ture won't tolerate messages that aren’t highly 
relevant to them and will filter them out. So, les- 
son three is storytelling. 

Assuming that the security curriculum has 





| Some Travel Needed 


OR INTRACOMPANY 

meetings where a 

structured relation- 
ship exists for responsi- 
bilities, videoconferenc- 
ing works fine [“Avoiding 
Travel, Users Turn to 
Communications Tech- 
nology,” Computer- 
world.com, Sept. 24]. But 
for sales and new project 
implementations, the 
proces 
ing, training and start-up 
will work only when you 
are face-to-face with the 
customer. 
James A. Kirkland 
Project consulting engineer 
Spirent Systems 
San Diego 


es of interview- 


| Jim.Kirkland@Spirent.Systems 


| Valuing Privacy 


ECURITY CANNOT 

be had without 

privacy [“Informa- 
tion Security Will Be 
Key With Lawmakers,” 
News, Sept. 17]. If citi- 
zens and corporations 
aren't allowed to choose 
and control what infor- 
mation is visible and to 


21 


been created and taught, the third question be 
comes, “Has the organization tested various audi- 
ences against that curriculum?” Again, we find 
that less than 10% do so. 

The all-important final exam question is, “When 
executives know what they need to know, does 
that knowledge change their behavior?” We asked 
the 120 executives, “Do you think it will be best for 
the future of your company if senior executives 
like you played a more active role in designing and 
implementing information security and privacy 
programs?” Ninety-one percent answered yes. 

Three months later, we returned to that 91% 
and asked, “Have you become more active in de 
signing and implementing information security 
and privacy programs?” Ninety-five percent said 
no. Executives endorse the theory and concept of 
security and privacy, but they don’t walk the walk. 

What this tells us is that most companies’ infor 
mation security organizations wouldn't receive 
passing grades in trying to upgrade enterprise 
awareness of what each employee needs to know 
and do to render their systems and the data 
housed in them secure. DB 


a age 


whom, including choos- 
ing what is and is not 
visible to the govern- 
ment, then none of us is 
secure. 

Why on earth would 
we believe that it’s al- 
ways safe for govern- 
ment officials to be able 
to snoop in every single 
aspect of our lives? Why 
would we assume people 
are guilty until proven 
innocent if they simply 
wish to control their 
own extended informa- 
tion shadow? I beg of or- 
ganizations like the As- 
sociation for Computing 
Machinery that they rec- 
ognize the incredible 
threat of total govern- 
ment surveillance and 
speak against it. 


| Samantha Atkins 
San Jose 


| dust-in-Time Layoffs? 


OU WOULD have 

to be pretty naive 

to believe that 
Boeing is laying off 
30,000 workers as a re- 
sult of the terrorist 
strikes on Sept. 11 [“Boe- 
ing to Lay Off up to 


30,000 Workers,” Com- 


| puterworld.com, Sept. 


19]. The buying cycle on 
airplanes is quite 
lengthy, and a slowdown 
in Boeing’s commercial 
plane operations has 
been coming for months. 
It’s frustrating to see so 
many laid off, but don’t 
give the terrorists so 
much credit. 

Ryder Todd Smith 

Irvine, Calif 
rydersmith@home.com 


Nimda Cure Too Strong 
N THE SEPT. 24 article 
“Nimda Needs Harsh 
Disinfectant” [Page 

One], you state that the 

CERT Coordination 

Center and the SANS In- 

stitute both recommend 

that “until more sophisti- 
cated fixes become avail- 
able, the only sure 
course is to disconnect 
all infected systems from 
the network, reformat 
their hard drives, re- 
install all the software 
from a secure source and 
apply the appropriate se- 
curity patches.” This is 
not a correct statement. 


There are several pro- 
grams available that au- 
tomatically clean and re 
move the virus from the 
infected server or work 
station without having to 
reformat the hard drives 
and reinstall all software. 
Check out the following 
link from Trend Micro: 
www.antivirus.com 
vinfo/virusencyclo 
defaultS.asp?VName 
PE_NIMDA.A. 

Brian Smith 
Network administrator 
Eruces Inc 

Lenexa, Kan 
bsmith@eruces.com 


COMPUTERWORLD 
comments from its readers 
Letters will be editec ) 

and clarity. They should be ad- 
dressed to Jamie Eckle, letters 
editor, Computerworld, PO Box 
9171, 500 Old Connecticut Path 
Framingham, Mass. 01701 


| Fax: (508) 879-4843. Internet 

| letters@computerworld.com. 

| Include an address and phone 

| number for immediate verification. 


sh > For more letters 
Cc on these and 


Tmk@ other topics, visit 
our Web site: 


www.computerworld.com/q?q5000 





Stretching the limits of your data storage systems? 


DS 


eds.com 


EDS Intelligent Storage Services, with the burstable capacity of Liquid Storage™, can tame your most volatile e-business 
flows with confidence, without bursting limited capital budgets. Intelligent Storage Services, offered by EDS and 
other service providers digitally powered by EDS, gives you the storage capacity you need, when you need it. 
Call us at 888-889-1392, or visit us online at eds.com/storage, before your current system leaves you all wet. 





COMPUTERWORLD October 1, 2001 


HOME IMPROVEMENT 


When Jean Holley joined USG as 
its first CIO three years ago, she 
was charged with reconstructing a 
legacy-bound IT infrastructure, 
updating an IT staff that had 1970s- 
era skills and forging a closer part- 
nership with untrusting business 
units. PAGE 24 


THE DOT-COMEBACKS 


Many IT managers, like Longaberg- 
er CIO Cynthia Hilliard (above), 
are rehiring staffers previously lost 
to dot-coms and trying to establish 
the kind of perks that lured them 
away in the first place. PAGE 28 


SPEEDING DELIVERY 


Ford and UPS are six months ahead 
of schedule in achieving productiv- 
ity gains from a system that’s de- 
signed to make car and truck deliv- 
eries faster and more predictable. 
PAGE 30 

HOW WE'LL WORK 

The IT workplace is experiencing 
tremendous change in the wake of 
dot-com mania — including more 
casual work environments and a 
trend toward telecommuting — 
but not all IT managers or staffing 


experts think those changes are for 
the better. PAGE 34 


BUSINESS = 


PAUL A. STRASSMANN 


ecure the Internet 


OW WILL LAST MONTH’S TERRORIST ATTACKS affect cor- 
porate IT? Hijacking and crashing four jetliners was only one 
move in a concerted campaign to disrupt global commerce, 
damage U.S. economic interests, erode U.S. power and foment 
distrust in the conduct of international business. Given those 
objectives, I’m quite sure that high on terrorists’ checklists is a plan to 
wreck the Internet. If they can stop Internet traffic for a day or two, the ef- 
fect on business, and particularly on the future of IT, would be devastating. 


Current configuration and management practices 
for securing the Internet are roughly comparable to 
what has so far passed for airport security measures. 
Communications protocols were designed for coop- 
erative ease of use, not security. 

The software that runs the servers possesses 
known security holes through which increasingly 
virulent attacks are launched every day. The soft- 
ware that operates our desktops has been designed 
for convenience and is readily exploited by available 
attack tools. A large portion of more than 100 mil- 
lion powerful PCs and more than 10 million servers 
can, in an instant, be commandeered to serve as en- 
gines that amplify anything terrorists launch, guar- 
anteeing their anonymity and becoming weapons of 
mass corruption of Internet services. Thus, an IT 
network that’s negligently managed and known to 
be insecure becomes part of the terrorist’s arsenal in 
information warfare. 

All IT assets in the U.S. should now be seen as op- 
erating in a war zone. 

What could we see in this war zone? The most 
probable scenario is an attempt to col- 
lapse the Internet through a massive de- 
nial-of-service attack. One can begin when 
malicious code is implanted in unprotect- 
ed computers or when the attacking code 
sneaks past defenses unrecognized. The 
infected host is then induced to pass the 
attack package to others. Damage is in- 
flicted by all compromised computers, 
which become generators of a huge vol- 
ume of messages and make all other sys- 
tems inaccessible by overloading net- ( 
works with useless traffic so that legiti- 
mate users can’t access Internet resources. 
When that happens, operators must dis- 
connect the infected devices, and often, 
they must also reformat their drives and 
reinstall all software from a secure source. 


PAUL A. STRASSMANN 


former director of 
defense information at 
the Pentagon, has been 
lecturing on information 
warfare at the 
National Defense 
University since 1994. 


That would fit a terrorist’s idea of a perfect crime. 
Just like the attack on the World Trade Center, the 
target contributes to the spread of damages. The re- 
covery processes magnify the victims’ suffering. 
Meanwhile, an affected information system remains 
inoperable, and the personnel who depend on it are 
unable to work. Even if an attack fails, the terrorist 
wins because he can learn from each failure. Attacks 
are cheap and almost impossible to prevent, and 
damages can be enormous. That’s why defending the 
Internet’s integrity should be a public priority. 

The Internet’s current vulnerability is largely the 
result of gaping holes in the design of operating sys- 
tems that power servers. Vendors will offer “patches” 
to plaster over known cracks but will never fix the 
systems’ architectures. That’s why you receive one 
patch after another, each covering yet another variant 
of the same vulnerability. When you're operating in a 
war zone, you can’t tolerate such conduct, because 
you could unwittingly become an accomplice to 
cyberterrorism. The solution lies in mandating gov- 
ernment testing, certification and standards, just as 
prescription drugs, automobiles and build- 
ings are regulated to assure public safety. 

The Net’s vulnerability is the product of 
sloppy IT practices. Today, even driving a 
car or operating a bulldozer requires for- 
mal training, an examination, certification 
and adherence to codes. IT, which has be- 
come the lifeblood of America in the past 
30 years, leaves network operations to in- 
dividuals who have no legal accountabili- 
ty. In the information war zone, you can’t 
com), tolerate such leniency. 

The freewheeling, undisciplined days of 
network management practices are over. 
If your organization is connected to the 
Internet, IT must assume the added re- 
sponsibility of blocking access by infor- 
mation terrorists. D 





ae 


HEN JEAN HOLLEY 
walked into USG 
Corp. in 1998, it was a 
little like The Land 
That Time Forgot. As 
the first CIO in the 
100-year history of 
the Chicago-based 
building materials 
company, she had to deal with a 1970s 
IT infrastructure, a mainframe-orient- 
ed technology staff and a limiting ser- 
vice-oriented relationship with the 
business units. At USG, IT was viewed 
as an administrative function at best 


and as an obstacle to progress at worst. 


Holley, the company’s first female 
officer and an outside hire in an orga- 
nization that nearly always promoted 
from within, was given a mandate by 
Chairman and CEO William C. Foote 
to “shake things up.” Three years later, 
it’s evident she’s done just that. 

“We really had a need to bring in 
someone to elevate the profile of the 
IT function and to make it more strate- 
gically relevant,” says Ed Bosowski, se- 
nior vice president for marketing and 
corporate strategy and Holley’s boss. 

When Holley arrived from Houston- 
based Waste Management Inc., where 
she had served as IT director, she 
found a culture that was resistant to 


BUSINESSMANAGEMENT 


As the first CIO at USG, a 100- 
year-old construction materials 
company, Jean Holley had to 
pour anew IT foundation. 

By Kathleen Melymukz 


change. “If you started to work here, 
you could pretty much retire or die 
here,” says Tom Maurice, manager of 
IT for standards and technology and a 
22-year USG veteran. “People would 
say, ‘We've done it this way for 20 
years, and that’s how we do it.’” 

Holley wanted to transform the im- 
age of IT among corporate brass as 
well as on the plant floor. “For our se- 
nior executives, all the technical stuff 
is kind of icky,” says Mary Higley, an 
IT director who was in charge of Y2k 
preparation when Holley arrived. 

But one of her biggest challenges 
was to erase years of mistrust between 


AT A GLANCE 


USG Corp. 


HEADQUARTERS: Chicago 


CHARTER: Manufacturer and 
distributor of building materials, 
including Sheetrock-brand drywall 


REVENUE: $3.8 billion 

EMPLOYEES: 13,000 
ITEMPLOYEES: More than 150 
Note In June, USG filed for Chapter tt 
protection from asbestos lawsuits. 


the businesses units and IT. “IT used 
to be difficult to work with,” says Tra- 
cy Edwards, director of internal audit. 
“There were a lot of roadblocks and 
red tape and not a lot of cooperation.” 
As a result, end users in the 1980s 
began implementing their own tech- 
nologies, and “rogue” IT organizations 
began to evolve within the business 
units, recalls John Reale, who was then 
part of such a group in the firm’s sales 


| and marketing department. These 


kinds of IT rebel factions were com- 
mon among many companies in the 


early days of the PC, but while most IT 
| organizations eventually reabsorbed 


the renegades by evolving to PC-based 
systems, USG never did. 


| Fixer-Upper 


Holley inherited about 100 corporate 


IT employees who had worked under 
IT director Bill Duran. But in addition, 


there were unknown numbers of rogue 


IT workers and network managers in 
the 50 plants, which operated indepen- 
dently of corporate IT. Before Holley 
arrived, there were virtually no stan- 
dards in place outside the mainframe 
environment. 
The staff she inherited was led by 

seven male managers, all with comput- 


| er science backgrounds and 10 to 25 


years with the company. “You look at 
that and wonder how many fresh ideas 
or different opinions you have,” Holley 
says. “We had a lot of great people that 
were all the same.” 

She started by revamping her man- 
agement team. Duran, a 28-year USG 
veteran, was joined as IT director by 
Michelle Cassin, whom Holley had 
known at Waste Management and val- 
ued for her customer-centric perspec- 
tive. Cassin took over computer ser- 
vices, help desk and support. 





COMPUTERWORLD October 1, 2001 


Lisa Vrablik, also from Waste Man- 
agement, was drafted for her enter- 
prise applications savvy. Higley, with 
20 years of experience in USG finance, 
auditing, strategy and Y2k, was tapped 
as chief strategist. Reale, with sales, 
customer service, plant operations and 
rogue IT expertise, was brought over 
to take on customer-based applica- 
tions. “This is a very different team 
from three years ago, when they all 
looked like Bill,” Holley says. 

Holley made communications Rule 
1, Vrablik says. “So often, people are 
quiet at a meeting and then they go 


How Did 
She Do It? 


Listed below are some of Jean Holley’s 
accomplishments in attempting to 
change the corporate culture toward IT 


GAINING CORPORATE BUY-IN: 
1. Established the ClO as a 
strategic corporate player 

2. Involved senior executives in 
IT decision-making 

3. Forged partnerships with 
senior business managers 


1. Diversified IT management 
team's personnel and outlook 
2. Brought rogue IT units under 
corporate umbrella 

3. Developed metrics and clear 
career paths for IT ranks 


Building a Ne 





COMPUTERWORLD October 1, 2001 


have conversations over the water 
cooler and you find out what they real- 
ly think, and then you have another 
meeting. We don’t do that in IT. We 
don’t hold back at all,” she says. 

For example, at one of Reale’s first 
meetings with the group, he made the 
mistake of saying, “I'll discuss it with 
Jean later.” Holley recalls that Cassin 
responded, “Oh, no, John, we don’t 
have a meeting after a meeting. Bring it 
up now!” 

Holley also takes the whole team to 
conferences or visits to major vendors 
to gain outside perspectives. “She 


USG Corp. CIO Jean Holley 


BUSINESSMANAGEMENT 


forces us to go out and work with peo 
ple in other companies,” says Duran. 
“When you've been focusing on cost 
for so many years, that’s a hard turn, 
but I find it very refreshing.” 

One of Holley’s goals was to empow- 
er the team to act independently. She 
realized she had succeeded when the 
directors began meeting without her. 
“They invite me for my [input], and 
then they kick me out,” she says. 

Holley also revamped the IT rank 
and file from a hodgepodge of 80 job 
descriptions to three career tracks for 
technicians, managers and business 


analysts — a new concept at USG. 

Perhaps the most surprising thing 
she did was allowing the IT renegades 
to continue to report to the business 
units. “Especially in a manufacturing 
environment, managers would hate 
you if you yanked out their IT people,” 
she explains. Instead, she got to know 
the business unit leaders and brought 
their people into her communications 
loop with no strings attached. “You get 
to know these people, you share your 
plans, you learn about theirs, and sud- 
denly they’re saying, ‘When can I come 
work for you?’” she says. 

Still, it took time for Holley and her 
team to build trust. For example, Reale, 
who helped build the sales force auto- 
mation group outside of IT, helped 
bring it back into the fold this year. 
“Jean has eliminated that us-vs.-them 
approach,” he says. 


New Foundations 

In USG’s manufacturing division, 
which is hobbled by outdated main- 
frame systems, Holley and Dom 
Danessa, vice president of manufactur- 
ing, have been laying the groundwork 
for a new infrastructure — and achiev- 
ing incremental improvements — by 
standardizing processes. But the slow 
pace of change is difficult for both of 
them. “We're strapped with this old 
system, and how do you break out of it 
when you've still got to take orders 
every day?” Danessa says. “You've got 
to have a plan and patience.” 

To establish the CIO position among 
her executive peers, Holley formed an 
IT steering committee, which includes 
the heads of the three main USG busi- 
nesses. Then she began selling her vi- 
sion. “IT had always looked at things 
tactically,” she explains. “I have a 10- 
year outlook with a five-year rolling 


29 


window and a one-year set of initia- 
tives zo get us there. Understanding 
that and getting on the same page was 
probably the biggest challenge.” 

Getting the steering committee to 
fund major improvements has been a 
slow process. “There’s a little bit of, ‘Be 
here five years, Jean, and then ask for 
the big bucks,’ ” 
go much faster, but I have patience 
pills in my desk, and I take a lot of 
them.” 

Holley demands that the steering 
committee set the IT agenda. “Every 


she says. “I wanted to 


time there’s a big project, she makes 
sure there’s a senior executive sponsor, 
and if no one will raise his hand, then 
she’s not going to do it,” says Vrablik. 

Holley has established IT metrics 
around customers, employees and fi- 
nancials, and she’s building on IT’s 
successes. Last summer, she staged a 
“show and tell” for the steering com- 
mittee to demonstrate some of the 
small victories she’s achieved — in- 
tranet job postings, online training and 
customer self-service initiatives — and 
to get buy-in for more. She recently got 
the go-ahead to implement Oracle fi 
nancials, a big step toward revamping 
the company’s mainframe systems. 

Now, Holley is a recognized leader, 
says Bosowski. “She has made great 
progress in making IT a key part of 
corporate strategy,” he says. “She’s also 
very positive, energetic and enthusias- 
tic.” In fact, her energy is legendary. 

“It’s like she has a 48-hour day.” says 
human resources director Chris 
Rosenthal. “I’m still trying to figure 
out how to do the Holley shuffle 


employee metrics tha 
has set at USG and the 
behind them, go t 


www.computerworld.com/q?23452 


wil Culture 








§ 


The need to move to a new environment. 


The skill to deliver effective solutions. 


The scale to implement globally. 


> : 
P Industry 
D Acce 


The scope to maximize your return. 


Call AT&T toll free at 1866 329-1678 
or visit us at www.attbusiness.com/return 


2001 AT&T. 





BUSINESS 


EXT TO GLAMOROUS dot 
coms, which offered I'l 
professionals the chance 
to change the world and 
become millionaires while 
wearing bluejeans to 
work, some corporate IT 
organizations seemed like mousy 
country kin, especially as the compa 
nies competed for the same limited 
pool of IT talent. 

“The dot-coms gave us a sense of 
possibility, of the tremendous impact 
technology can have on a business,” 
says Cynthia Hilliard. As executive di- 
rector of IT at The Longaberger Co., a 
Newark, Ohio-based manufacturer of 
handmade baskets and high-end home 
accessories, she says, she saw dot-coms 
lure away several of her employees. 

Now, with dot-coms deflated and 
technology résumés flooding the mar 
ket, questions are arising about 
whether corporate IT organizations 
have learned any lessons from the dot- 
coms, and what IT professionals and 
job-seekers can expect from corporate 
employers. 

CIOs and IT human resources con- 
sultants say it’s still too early to gauge 
the true, lasting impact of dot-coms on 
the IT workplace. Even a widespread 
practice like casual dress codes could 
be a casualty, with some businesses 
opting to return to a more button- 
down look. 

But sources do cite two apparent 
long-term legacies of the dot-com 
boom: First, IT professionals will still 
ask for 
Second, corporate employers will lure 
the best IT talent by emphasizing key 
ways in which their companies differ 


— and receive — high salaries. 


from dot-coms, and their competitors. 
Hilliard suggests one key differentia- 
tor: “You still need to offer a product 


or service people want,” she says. 


“Technology becomes the enabler for 
that, not the focus.” 

As the dot-com dust settles, dot 
com-style dollars are still in the air. 
The demand for talent during the dot- 
com era pushed IT salaries to new 
heights in the first place. But the de- 
cline of those companies doesn’t signal 
the end of highly competitive compen 
sation, say consultants and CIOs. 

“Salaries were driven by dot-coms,” 
says Gene Trudell, general manager of 
computer services at U.S. Steel LLC in 
Pittsburgh. In his view, he says, the 
Y2k crisis, an explosion of new tech- 
nology, and the Internet came together 
in a “perfect storm” effect, escalating 
salaries precipitously. 

“I’m not sure that was an objective 
stampede,” Trudell notes. Still, he says, 
he has no plans to reduce salaries and 
points out that U.S. Steel did make 
some IT salary adjustments to “get us 
in line with the IT world.” 

Further, as his CIO counterparts in 
the Pittsburgh area were paying sign- 
ing bonuses of $5,000 to $10,000, 
Irudell relied on a 17-year-old intern- 
ship program to insulate his depart- 
ment from an overheated IT talent 
market. Instead of advertising open po- 


sitions, Trudell filled them by hiring as 


COMPUTERWORLD October 1, 2001 


many as half of each group of interns 
to provide experienced talent for U.S. 
Steel’s offices around the country. 

Other corporate CIOs are ensuring 
that their companies are competiiive 
with the new IT salary scale. Long- 
aberger is completing a job analysis 
survey, comparing its IT salaries to 
those in the marketplace, even though 
the company’s turnover rate is less 
than 5% this year, says Hilliard. 

Consultants note that while their 
clients aren’t scaling back IT salaries, 
they will be offering lower raises. But 
even then, the drop will hardly be cata- 
clysmic. “No one is thinking of double- 
digit increases, but the percentages 
aren't dropping to the 4% raises seen 
by the non-IT population,” says 
Georgine Young, a senior consultant at 
Lincolnshire, Ill.-based Hewitt Associ- 
ates LLC. 

Further, consultants say many cor- 
porate IT organizations have adopted 
the dot-com practice of project- and 
performance-based bonuses, some- 
times called “variable pay,” and are 
likely to continue this approach. 

“Ten years ago, it was very unusual 
for nonmanagement IT professionals 
to receive this kind of compensation,” 
says Dave Van De Voort, leader of the 


While hundreds of dot-com 


companies have ce< 


ised to be 


in the past year, ie lefta 
lasting impact on how we pay 


and reward IT workers. 
By Sharon Watson 


Return of the 
DOT-GONERS 





COMPUTERWORLD October 1, 2001 


global IT workforce effectiveness 
group in the Chicago office of William 
M. Mercer Inc., an international hu- 
man resources consulting firm. “That's 
a very positive legacy.” 

Similarly, Van De Voort and other 
consultants say making stock options 
available to IT employees is another 
permanent dot-com influence. Mercer 
surveyed 500 IT professionals last fall, 
and even though many had seen their 
stocks lose value, most said they want- 
ed stock as part of their compensation. 


A New Attitude 


All the dollars tossed around to woo 
IT talent may have forever altered how 
IT professionals view their jobs — a 
trend corporate IT needs to anticipate 
because it could affect retention and 
productivity, say several consultants. 

For example, Van De Voort says he 
believes the money frenzy has severed 
the once-strong link between the in- 
trinsic gratification IT professionals 
get from solving technological puzzles 
and their job satisfaction. 

“We've made traditional IT more 
coin-operated” in that more IT profes- 
sionals may now rank money ahead of 
challenges, Van De Voort says. “That’s 
a real loss.” 


“THE DOT-COMS gave us a sense of possibility,” Says Cynthia Hilliard of Longaberger, 
pictured outside Longaberger’s headquarters building in Newark, Ohio. 


BUSINESS 


Job loyalty may also be gone, as IT 
professionals have grown to appreciate 
their worth, at least within savvy cot 
porations. 

“IT professionals now understand 
you don’t work somewhere forever,” 
says Linda Pittenger, president and 
CEO of People3 Inc., a Gartner Inc. hu 
man resources consultancy in Bridge- 
water, N_]J. 

“Conditions are perfect for IT pro 
fessionals to be free agents,” says 
Bruce Tulgan, author of Winning the 
Talent Wars (WM. Norton & Co., 2001) 
and founder of RainmakerThinking 
Inc. in New Haven, Conn. “They’ll just 
find they’re free agents in a more com- 
petitive market.” 

Some consultants say corporations 
may wind up relying on money to mo- 
tivate talent because too few corporate 
IT departments can match the atmos 
phere of excitement and purpose that 
drove so many dot-com firms and cor- 
porate dot-com initiatives. 

However, many CIOs say more than 
a few IT employees who left for dot- 
coms wound up missing some aspects 
of their old jobs. 

“They'd call and say they were work- 
ing like dogs, or that the IPO wasn’t 
going to happen,” Hilliard recounts. 








She notes that Longaberger, a family- 
owned company, has long offered a 
casual-dress atmosphere, a wide vari- 
ety of projects to work on and an em- 
phasis on work/life balance. When 
dot-com defectors called her to ask for 
their old jobs back, most said they es- 
pecially missed that balance, according 
to Hilliard. 

But prodigal IT talent shouldn't 
count on their former CIOs fattening 
calves for them. CIOs say they consid- 
er rehiring only the very best of these 
former employees. And no CIO would 
admit to making any environmental 
changes based on a former dot-com 
employee’s advice. 

In fact, many corporate CIOs say 
that rather than changing their 
cultures, the dot-com boom has led 
them to emphasize their organizations’ 
differences as selling points to poten- 
tial IT talent. For example, Trudell says 
U.S. Steel can’t permit its IT employ- 
ees complete scheduling freedom, but 
he does offer flextime within limits — 
and he emphasizes that unlike the dot- 
com world, his IT professionals gener- 
ally work reasonable, not round-the- 
clock, hours. 

Another “brand benefit” that corpo- 
rate IT departments could emphasize 
is the fact that, like many dot-coms, 
they enable IT professionals to follow 
career paths that encompass technical 
and business positions, but in a more 
stable environment than most dot- 


| coms offered. 


For example, Suzanne Yoder is 
e-business manager at arts-and-crafts 
company Plaid Enterprises Inc. in Nor- 
cross, Ga. She says she came to that 
position from the company’s market- 
ing and branding organization, so she 
knew that providing product informa- 
tion, project ideas and consumer in- 
structions were vital to effectively sell- 
ing arts-and-crafts materials. Yoder 
then learned the technology to ensure 


| that those critical cross-references 


were mirrored in the database driving 
the company’s Web site. 

It’s that kind of flexibility that more 
IT professionals are enjoying today, 
says Van De Voort. “IT skills are very 
transportable,” he says. 

The downside of that is a dilution of 
what it means to be an IT professional, 
because so many people can claim that 
title. The upside, however, is that as IT 
permeates all aspects of the business 
world, it becomes a tool for creating 
new business, thus enhancing the val- 
ue of IT employees and the role of the 
CIO, says Van De Voort. D 





Watson is a freelance writer in Chicago. 


Learning to 
Forgive and 


Forget 


If you’re a CIO or IT executive, 
don’t be too sure that the dot-com 
bust has left you sitting in the cat- 
bird seat when it comes to hiring 
IT talent or retaining existing pro- 
fessionals. The consensus is that 
talent is still scarce for some key 
positions and your best IT profes- 
sionals will always be in demand 
by someone. 


Strategies to Consider: 
Keep salaries competitive. “If you try to 
get cheap with your IT workforce, you'll be 
talking to me this time next year about your 
turnover problem,” says Dave Van De 
Voort, leader of the global IT workforce ef- 
fectiveness group at William M. Mercer. 

it's unlikely you'll have the leeway with 
your IT hiring budget that you may have en- 
joyed in recent years, say human resources 
consultants; however, higher IT salaries are 
here to stay, so expect to pay market rates 
for proven professionals. Annual bonuses 
for IT are likely to drop across all industries 
though. 


Make nice with your hard-to-replace 
professionals. IT talent with hard-to-find 
skills can still negotiate on their own terms 
According to the “People3 2001 IT Market 
Compensation Study,” released in July, the 
hot titles in demand are network architect, 
which takes an average of 4.2 months to 
fill; database administrator (3.7 months); 
network engineer (3.6 months); and man- 
ager of client technology (3.3 months). 


Be selective when you can. With more 
professionals on the market, for many 
positions, you don't have to hire the first 
warm body that comes along. Human re- 
sources consultants warn IT departments 
to check references and ask tough ques- 
tions to ensure that candidates truly have 
the skills they're claiming. 


Try a new approach. Now is a prime 
time to test new thinking about how to 
staff your department. “Get much better at 
flexible staffing,” urges Bruce Tulgan, au- 
thor of Winning the Talent Wars and 
founder of RainmakerThinking. He recom- 
mends taking a page from the dot-coms 
and hiring teams of independent special- 
ists on an as-needed basis to tackle specif- 
ic projects, basing pay strictly on perfor- 
mance, such as deadlines met and results 
delivered. 


- Sharon Watson 





30 


BUSINESS 


Ford’s Vehicle- 
Delivery Project 
Ahead of Plan 


Last year, we reported on Ford's plans to 
enlist UPS Logistics in making new car 
and truck deliveries speedier and more 
predictable. Twenty months later, they’re 
ahead of schedule. By Kim S. Nash 


We're optimistic 
in achieving 4% 
or 5% additional 
improvement 
[by the end of 
the year]. 


FRANK TAYLOR, VICE PRESIDENT OF 


MATERIAL, PLANNING AND LOGISTICS, 


FORD MOTOR CO. 


ORD MOTOR Co. and UPS Lo- 

gistics Group Inc. are seeing 

productivity gains six months 

sooner than expected froma 

system designed to make new 
car and truck delivery faster and more 
predictable. 

Ford has adopted proprietary, Unix- 
based logistics software from UPS Lo- 
gistics. It replaces a group of 
homegrown systems and 
manual processes that 
weren't able to give Ford 
managers a complete status report on 
its cars and trucks as they are en route 
to dealerships in the U.S. 

In February 2000 [News, Feb. 7, 
2000], Ford began work with the 
United Parcel Service Inc. division in 
an effort that has already knocked four 
days out of the typical 14- or 15-day cy- 
cle for moving a vehicle from a manu- 
facturing plant to a dealership. By do- 
ing so, Ford also has seen the value of 
its vehicle inventory shrink by $1 bil- 
lion, which, in turn, is expected to cut 
annual inventory-carrying costs by 
$125 million, according to officials at 
the automaker. 

The ultimate goal for the two com- 
panies is to decrease delivery time by 
two more days — for a total of six — 
and they’re almost there. 

“We're optimistic in achieving 4% or 

| 5% additional improvement” by the 

| end of the year, says Frank Taylor, 

| Ford’s vice president of material, plan- 

| ning and logistics. That could translate 

| into eliminating as much as another 
day from the process by December. 


| good enough. 


| grown point solutions that didn’t give 


Historically, Ford gave dealerships 
estimated delivery dates that weren't 
accurate. Those dates were then 
passed along to waiting customers. In 
addition, railroad or trucking delays 
would further alter the schedule. Ulti- 
mately, Ford didn’t have a good handle 


| on the status of its vehicles in transit. 


“Once you shipped it, you couldn’t 
give a reliable date, plus or minus days, 
when anyone would see it or where it 
was,” Taylor says. “And now we can.” 


| Stand and Deliver 


Pete Greiner, owner of the Greiner 
Ford dealership in Casper, Wyo., says 
he began to see better delivery fore- 
casts last summer, about six months 
into the process. 

In the past, Greiner would tell wait- 
ing customers that their cars and 
trucks would arrive within a range of 
several days. Sometimes that wasn’t 


“We've had consumers get so frus- 
trated because [they had] vacations or 
hunting trips coming up. They'd say, ‘If 
you can’t get the truck in time, I’m go- 
ing elsewhere,’ ” Greiner says. “Now, 
we can say to customers, ‘We firmly 
believe your truck will be here Aug. 
25, and, by golly, it shows up.” 

Most of Ford’s legacy systems for 
tracking vehicle delivery were home- 


the company a unified view of events. 
In fact, a lot of the in- 
formation used for tracking 
vehicles was scribbled 
down on paper. 

The Ford system tracks cars and 
trucks by vehicle identification num- 
ber (VIN). Workers from UPS Logis- 
tics and Ford, as well as people at the 
railroads and trucking companies that 
haul Ford vehicles, use handheld com- 
puters to scan the bar codes for each 
VIN as the vehicle proceeds from a 
plant via rail or truck to a dealership. 

Executives from both Atlanta-based 





COMPUTERWORLD October 1, 2001 


UPS Logistics and Ford declined to 
comment on how much the project has 
cost. One-hundred and twenty people 
are involved: 93 from UPS Logistics 
and 27 from Ford. 

Aside from technology changes, re- 
arranging the people processes along 
the distribution chain has also helped 
improve delivery performance. 

For example, Ford has persuaded 
some of its 6,000 dealerships to extend 
the hours during which they will re- 
ceive and unload new vehicles. 

Previously, dealers typically accept- 
ed vehicles Mondays through Fridays 
from 9 a.m. to 5 p.m. Now, many deal- 
ers will take delivery in the evenings 
and on weekends. 

UPS Logistics helped Ford figure out 
that having a wider window for deliv- 
ery meant less of a backlog on Ford’s 
railroad and highway carrier routes. 
UPS Logistics monitors the traffic at 
railroad offices and out in the field, 
says Andy Gonta, vice president of au- 
tomotive at Canadian National Railway 
Co. in Montreal. 

Before, a shipment of cars and 
trucks “would hit a facility on a Friday 
and would sit until Monday, and so 
would the vehicles that hit on Saturday 
or Sunday,” Gonta explains. “It would 
take you until Wednesday to get it 
sorted out.” 

Next on Ford’s agenda: a Web appli- 
cation designed to let dealerships track 
specific vehicles in transit in real time. 
The system will allow dealers to ex- 
tract data from Ford’s many different 
back-end manufacturing systems, com- 
bine it with information from rail and 
truck carriers and funnel it all into a 
middleware system that will collate it 
before it’s Web-enabled. 

Ford said it expects to roll out the 
application next year; 21 Ford dealers 
are now testing it. 

Ultimately, Taylor says, the system 
will be “very close” to UPS’s own Web- 
based package-tracking application. D 


Ford Motor Co. and 
UPS Logistics Group Inc. 


GOALS 


1. Cut up to six days from a vehicle-deliv- 
ery period that’s typically two weeks long 


2. Make delivery more predictable by 
knowing more about the location of cars 
en route from Ford to dealerships 


3. Create a Web-based vehicle-tracking 
application similar to UPS's package- 
tracking system 


STATUS REPORT | 


1. Four days have been cut from vehicle delivery, 
a milestone reached six months ahead of plan. 





2. $1 billion worth of vehicle inventory has been 
reduced. Ford expects to cut annual inventorv- 
carrying costs by $125 million. 


3. The Web-tracking system, now in pilot test- 
ing, is due next year. 





The hp netserver. 


priced by someone else. 


@ | 


invent 


inte! el 


pentiume/// 


Now you can get an ingenious HP 
Netserver at a downright silly price. 
HP Netservers are reliable and fast, and 
feature Intel® Pentium® Ill processors. And 
Netserver has the memory and storage you 
need to keep your business up and 
running. For a limited time, get 0% apr 
financing* on selected e800 Netservers. 
HP’s hottest servers at their lowest prices 
ever. Now that’s savings you can rely on. 


hp netserver e800 


e Intel® Pentium® Ill processor 866MHz 
w/256KB L2 cache # 128MB ECC SDRAM 
¢ 9.1GB SCSI HDD © 40x Max-speed 
CD-ROM ¢ 0% apr financing* available - 
contact your local 

reseller by calling SOG49 
888.276.9876 or visit 
www.bstore.hp.com SKU P2458A 


Offer ends October 31, 2001. 


Call 1.800.243.9812, contact your local reseller, or visit www.hp.com/go/bizsku32 


0% apr financing based upon a 24-month financing term and subject to final HP credit approval. Minimum financed amount is $1500. More than one new server may need to be purchased to qualify. Estimated sireet price for the e800 P2458A is $949, e800 P2460A 
giao Estimated monthly payment is $39 and $63 respectively. Actual prices may vary. Offer expires October 31, 2001. intel, the Intel Inside logo and Pentium are registered trademarks of Intel Corporation. ©200 | HewlettPackard Company. All rights reserved. 





— 


The death of business-to-business 
e-commerce has been greatly exagger- 
ated, says Sandy Kemper, who in July 
was elected chairman of the Global 
Trading Web Association, the board 
council for the Global Trading Web 
(GTW). 

Corporate members of the associa- 
tion, such as Cable & Wireless PLC, 
Citigroup Inc., Commerce One Inc., 
Deutsche Telekom AG, Mitsubishi 
Electric Corp. and Pricewaterhouse- 
Coopers, have seen their respective 
e-commerce activities grow 400% to 
500% annually, Kemper says. 

But to keep the e-ball rolling, par- 
ticipants must now work together 
to establish interoperability across 
markets, not just within their own 
markets, says Kemper, who is also 
CEO of eScout LLC, a Lees Summit, 
Mo.-based B2B exchange. Kemper 
recently discussed these issues with 
Computerworld’s Gary H. Anthes. 








BUSINESS — 


What are the immediate goals for the GTW? 
The first is to manifest success in 
the [individual member] market- 
places. How do we measure that? 
Transaction volumes, revenues 
and cost savings. The second goal 
is to make more robust the inter- 
operations that are across the vari- 
ous marketplaces. 


WHO IS HE? 
Alexander “Sandy” 
Kemper, 36, is chair- 
man of the Global 
Trading Web Asso- 
ciation, a group of 
44 providers and 
users of electronic 
services to 250,000 
companies in more 
than 100 countries. 








How are these marketplaces doing now in 
terms of transactions, revenue and 
cost savings? Very few [electronic] 
marketplaces around the world 
have lived up to their own projec- 
tions, in part because everyone 
was too optimistic about how 
quickly cultural change would 
take place in the way people were 
procuring. But clearly, change is 
taking place. Transactions are up, 
revenues are up. [GTW] has never 
announced revenue and transac- 
tions as an entity. But you'll soon 
see an announcement that will be 
fairly stunning. 


What advice would you offer a company 


that’s about to embark on a business- 
to-business e-commerce initiative? 
The implementation of e-com- 
merce in any company must be 
driven by top management. We 
are talking about significant bot- 
tom-line savings, but sometimes 
those savings come at a cost to the 
existing structure and to the peo- 
ple in that structure. There's cul- 
tural resistance and fear. You can 
take a lot of menial, manual work 
out of the purchasing department. 
But to think that this is something 
that’s going to be quickly adopted 
in the purchasing department is 
probably false without strong sup- 
port from the top. 


How can you achieve the interoperability 


across marketplaces that you are seek- 
ing? The technological problems 
have gone a long way to being 
solved. What’s important now is 
the business rules. The creation of 
trust is perhaps the most impor- 
tant mandate we have today inside 
the GTW, a trust that will enable 
us to build business relationships 
that will cause intermarketplace 
trade. 


Does that include security? Security is 
part of trust. We have to maintain 
security and privacy, and there has 
to be economic standards for inter- 
marketplace trade. If I sell this in 


Interoperabili 
Across -Markets 


COMPUTERWORLD October 1, 2001 


your marketplace, how will you 
treat my buyer? And if a buyer 
from your marketplace is transact- 
ing with a supplier in mine, how 
will I treat that buyer? How will 
you treat my supplier? And it can’t 
be a closed environment. It’s de 
facto evidence of lack of trust if 
you don’t open up to everyone. 
Rules for interoperability have 
more to do now, I believe, with 
the basics of business and less 
with the basics of technology. 


| Still, we hear about battles between elec- 
tronic data interchange (EDI) and XML. 
EDI and XML aren't incompatible. 
You can take EDI and wrap it in 

an XML wrapper and move it into 
an XML-based system and be just 
fine. We want to make possible 
transactions in EDI, XML, even 
paper-based transactions — flat- 
file transactions. We have to make 
sure we are not putting up any bar- 
riers to entry. 


Why is the GTW now becoming independent 
from its creator, Commerce One? 
{Commerce One] created the GTW 
operating on [its] platform. Now 
the GTW has reached enough crit- 
ical mass to stand on its own, and 
the GTW recognized it must be 
open to all marketplace operators, 
not just those on [that] platform. 
We have to make sure our interop- 
erability standards are not specific 
to any particular technology. So 
that’s Ariba, Oracle, SAP — any 
technology platform. 


In speeches, you have consistently been the 
champion of the little guys, the small 
and midsize companies. It’s not just 
because I like the little guy. Small 
and midsized enterprises [repre- 
sent] 65% of the [U.S.] economy. 
You can build giant applications 
for giant corporations and still 
only get 35% of the economy. 

So no [GTW] e-procurement or 
e-commerce plan will be complete 
without full inclusion of the sec- 
ond-, third- and fourth-tier manu- 
facturers and suppliers in the 
supply chain. 


Is there a danger that won’t happen? 
Yes. ... But eScout exists because 
we have [served] those little guys. 
I have 16,000 or 17,000 buying 
corporations in our marketplace, 
and I am seeing increased [spend- 
ing] and increased transactions. 
Every week this year, we set a 
new record. D 








Tired of too-good-to-be-true sale prices 

making you look bad? Then you'll love 

the deals HP is offering on Vectra desktop 

computers. Vectra is easy to manage and 

support, and uses an Intel® Pentium® Ill 

P ” processor to give you the speed and 

Sale-priced facelifts bad. power you crave. With 128MB of RAM, 

; HP’s Vectra is powerful, smart, and won't 
Sale -pricea Cc omputers Goo a leave you grimacing. 


“yy 


HP PCs use genuine Microsoft Windows 
www.microsoft.com/piracy /howtotell 


Call 1.800.243.9812, contact your local reseller, or visit www.hp.com/go/bizsku32 


Price is estimated street price. Actual price may vary. Monitor not included. Photographs may not accurately represent exact configurations priced. Intel, the Intel Inside logo and Pentium are registered trademarks of Intel Corporation. Microsoft and 
Windows are either registered trademarks or trademarks of the Microsoft Corporation in the United States and other countries. ©2001 HewlettPackard Company. All rights reserved 





BUSINESS pnrrae tt” COMPUTERWORLD October 1, 2001 


HEN JOE GALLO, not how do I stay employed.” 
vice president Despite the slowdown in the econ- 
and chief tech- | omy, job hopping has become the 
nology officer at | norm for IT professionals. Having a 
Cox Interactive | number of previous employers ona 
Media Inc., goes | résumé is no longer something nega- 
to work, he heads upstairs to an At- tive, which makes retaining employ- 
lanta loft with a lounge, ping-pong | ees more difficult. 
table, refrigerators with soft drinks and | “Attracting and retaining and moti- 


— important when there’s alooming | vating technologists is a survival issue 
deadline — free coffee. for this millennium,” says Allan Woods, 
Things have come a long way since vice chairman and chief information 

Gallo began his career at Electronic officer at Mellon Financial Corp. in 
Data Systems Corp., at a time when Pittsburgh. 
that company had just started allowing | “Clearly, you have to pay people — 
employees to wear striped shirts. it’s the price of admission. But those 
“Even a major company like EDS is_ | are openers, jacks or better,” Woods 
says. Increased compensation will 


business casual now, and they’re all 


IT,” Gallo says. j come from incentive pay, and not 
Now that corporations have fully everyone will receive it. Mellon plans 
embraced technology and the need to | to focus on rewarding top employees. 
compete for skilled technologists, the | Some workplace trends could even 
way in which IT professionals work is__ | | be counter to business ends, like the 
undergoing a variety of changes. notion of dispersing IT workers. 
Despite the closing of dot-comsin | “Because IT has enabled people to 
massive scale, those companies have | work anywhere, the big push for com- 
panies is to use location to recruit and 


had a dramatic impact on the perks 
that IT workers are offered, on the te I} * IT k | 2210 d » : retain people,” says Bob Gaudreau, 
access to technology that workers 1e WOr p aCe ] S u n Cc rgomg who is in charge of U.S. development 


across the board can enjoy and on the for Regus Management Ltd. in Chert- 


environment that companies provide | change, especially in the \ rake of | sey, England. 


for them. But there is some disagree- | | : d . 4 os - = But scattering employees can have 
ment emerging on whether the | t 71 C ot-c om mM a nN la . Not C ve i some unexpected consequences. “One 
changes are for the better or worse. ° 7° thing that’s gone downhill in an unfor- 
IT professionals are often dressed | on e th 1 nks the ch a Nn Les a re for tunate way was the demise of the ter- 
in jeans and focusing on business ba- ; ) eae : . minal room,” says Fisher. “There was a 
sics —many times from the comfort of | the best. | 5\ Lh k S] rman lot of informal information-sharing 
their own homes. But some ask, inthe | ’ that is not as intense now that every- 
face of high pressure and short dead- body’s got their own computer.” 
lines, whether such trends actually Then there are the psychological 
threaten to derail future progress or 7 ramifications, says Edward Klein, 
the image of the IT worker. aia who is a professor in the psychology 
“The change started to occur with and psychiatry departments at the 
the era of client/server,” says Neil Fox, | s : University of Cincinnati and a faculty 
vice president and CIO at Cleveland- : member at the Cincinnati Psychoana- 
based Management Recruiters Interna- ‘ lytic Institute. 
tional Inc. “Then the Internet changed , “Sociai and work connections are 
everything. People realized that you : : needed to maintain a tie between the 
could actually create an application ; employee and the organization,” says 
and deploy it in less than 12 months.” ; Klein, who emphasizes the need for 
Many would argue that an increased , group action and activity. “Even 
emphasis on business could only do a . though you can do a lot of things by 
world of good. But not all IT profes- : : . teleconferencing or e-mail, I’m talking 
sionals see every change hitting the about the psychological connected- 
technical workplace as positive. Pres- : 4 ness.” The result could add to disloyal- 
sures on businesses have extended to f J ty and higher turnover. 
technology groups. Deadlines continue s So in a way, some of the current 
to become shorter as companies want , F , trends in IT departments could move 
increasing benefits with faster turn- , P aN people back to an isolated existence 
around, and technologists are being 7 f similar to early data processing 
held accountable for providing results. departments. The trick for companies 
“In the old days, I had a lifetime P will be to add flexibility in the work- 
contract,” says Tracy Amabile, a part- . place without severing the connection 
ner in human resources for manage- : between technology and business. DB 
ment consulting at Price Waterhouse- : 
Coopers. “Now, there’s a focus on : Sherman is a freelance writer in 
how do I become more employable, 5 Marshfield, Mass. 














“tel 
inde 


pentiume/// 


Now you can get a small, lightweight 

HP Omnibook at a small, lightweight price. 

The Omnibook is fast and powerful, 

featuring a mobile Intel® Pentium® III 

The hp omnibook will processor. And Omnibook has a large, 
clear display and a powerful battery that 

allows you to get up and go for up to four 
hours without recharging. Which goes to 


Your heavy wallet will 


show that while mobility may have a price, 
it doesn’t have to drain your wallet. 


hp omnibook XE3 


* Mobile Intel® Pentium® Ill processor 8SOMHz 
e 14.1-inch TFT display © 128MB SDRAM 
; P © 20GB enhanced IDE HDD ¢ S3 Savage/IX 

[iy graphics controller ¢ 56K v.90-compatible 
aaa modem - 10/100 LAN 

combo ® 8x Max-speed $] 5OG 

DVD-ROM ® Microsoft® 

Windows® 98 SKU F2337WT 


HP PCs use genuine Microsoft Windows Offer ends October 31, 2001. 


www.microsoft.com/piracy/howtotell 


Call 1.800.243.9812, contact your local reseller, or visit www.hp.com/go/bizsku32 


Pric 


ice is estimated street price. Actual price may vary. Photographs may not accurately represent exact confi tions priced. Intel, the Intel Inside logo and Pentium are registered trademarks of Intel Corporation. Microsoft and Windows are either registered 
trademarks or trademarks of the Microsoft Corporation in the United States and other count j 


guratior 
tries. ©2001 HewlettPackard Company. All rights reserved 





COMPUTERWORLD October 1, 2001 


36 


BUSINESS 


proached this challenge on two | 


fronts — raising IT awareness 


Security Primer 


| When undertaking a new development 


| 
| 
in the user community and | 
| 
raising business awareness in 


Security 
Ambassadors 


As companies 
increasingly put 
security in the 
hands of systems 
specialists, they 
need IT liaisons 
who can trans- 
late the needs 

of business. By 
Deborah Radcliff 


JAMES SCHNEPF 


FEW YEARS AGO 

American Family 

Mutual Insurance 

Co. ran its IT op- 

erations like most 
other companies do: Business 
units would hand down an 
order for a new program or 
functionality, and IT would 
build it 

And as in most large organi- 
zations, a security manager 
would attempt to advise de 
velopers on vulnerable points 
and security requirements. 

But that approach stretched 
the lone security manager too 
thin, says Mike Kleckner, who 
held that position at American 
Family three years ago. 

So Winnie Schumann, di- 
rector of enterprise technolo- 
gy strategies at the Madison, 
Wis.-based company, decided 
to put security controls into 
the hands of the systems spe- 
cialists who knew their tech- 
nology the best. Then, she 
handed the choices of individ- 
ual security controls to the 
business units that owned the 
data in question. 


All that was needed was 
someone to decipher the busi 
ness needs into technical solu 
tions and vice versa. This is 
where Kleckner and Leslie 
Peckham come in. They are 
now the company’s informa 
tion security advisers, coordi 
nating security requirements 
between IT and business 
units. 

“The business person knows 
the value of their data, and 
they know what controls are 
appropriate, so they should be 
in the driver’s seat,” Kleckner 
says. 

Their biggest challenge 
echoes that of all IT depart 
ments: bridging the great di 
vide between technology re 
quirements and business re 
quirements. Bridging this gap 
takes a certain amount of 
credibility, which comes from 
the backing of the most senior 
IT manager — in this case 
Schumann, who has also gath- 
ered support from the most 
senior company management. 

Once they got this backing, 
Kleckner and Peckham ap- 


dob Watch 


Who: Leslie Peckham and 
Mike Kleckner 


Title: Information security advisers 


Company: American Family 
Mutual Insurance Co., Madison, 
Wis. (www.amfam.com) 


Report to: Enterprise technology 
strategies director 


Skills: Ability to explain and 
transfer technology ownership to 
business units 


their IT support departments. 
“How do you describe a 
[public-key infrastructure] in 
nontechnical terms and actu- 
ally get people excited about 
it? It’s a real basic formula: 
You find out what the business | 
unit wants and give it to 
them,” Peckham explains. 
They started by developing 
a 10-point template from 
which business units can make 
informed decisions about 
their security needs. At the 
onset of any new project, the 
security advisers now meet 
with the business units to dis- 
cuss their needs and go over 





the template. 
hat means asking the right | 
questions, like the following: 

gw What are your strategic 
directions? 

gw What do you deal with? 

g@ What information is con- 
fidential? 

w What level of protection 
does that information require? 

Once the business unit fills 
out a project security tem- 
plate, a business partner docu 
ment is generated. Then the 
security advisers work with 
the technologists to address 
the security areas identified 
by the business units. 

After that, they have to find 
1 way to bring the business 
mentality of budgets, policies, 
operational integration and 
more into IT development 
teams, Kleckner says. 

It’s a matter of asking the 
technology units similar ques- 
tions, so they can see IT secu- 
rity as a strategic business en- 
abier and overcome their mis- 
conceptions that security gets 
in the way of efficiency, Peck- 
ham explains. 

lhe final decision still 
needs to be made by the data 
owners. So once the technical 
specialists turn around a list of | 
suggested solutions to meet 
the business units’ risk re- 
quirements, the advisers re- | 
turn to the business units and | 
discuss levels of risk with the | 
business managers who make 
the final technical security | 
choices that go into the project. | 

While Kleckner arrived at | 


project, American Family enables the 
business unit project managers to set 
security requirements themselves. A 
key element is a template developed 
by the company's two IT security 
advisers that explains key terms 


Authentication: Who are you? 
Authorization: What can you do? 


Confidentiality and reliability: 
Privacy and dependability 


Monitoring and tracking: What did 
you do? 


Backup and recovery: Rebuilding 
the system 


Physical security: Locking others 
out 


Change management: Protecting 
the production process 


Legal requirements: What the law 
expects 


Training and awareness: What you 
need to know 


Contingency planning: What if? 


Program paybacks: 
Every major business unit is already 
represented by the corporate 
security board 
Business participation in the 
company s security intranet pages 
is strong 
The corporate compliance officer 
even co-developed the IT security 
policies with Winnie Schumann 
director of enterprise technology 
strategies 


this position by way of infor- 
mation security, Peckham was 
an English major then a tech- 
nology strategist before taking 
her position at American Fam- 
ily. Peckham says her commu- 
nication skills and Kleckner’s 
more technical skill set com- 
plement each other. 

“I’m less technical, so I 
work on the cultural changes 
that need to happen in order 
to enable security to take 
hold,” Peckham says. “I love 
the awareness training end of 
the job.” 

Because their jobs are so 
creatively and technically de- 
manding, and because security 
is ongoing, neither Kleckner 
nor Peckham see themselves 
moving on anytime soon. 

“We see ourselves as being 
able to change a corporate cul- 
ture. That is our career pro- 
gression,” says Peckham. DB 








Where your conta 
CIEE 





GoldMine® is the logical 
next step to customer- 
centric success! 


_ CONTACT MANAGER has 
taken you as far as it will go. But you're 
not about to upgrade to some costly, 
cumbersome CRM solution. 

Join the community of smart professionals 
who are moving up to GoldMine, instead. 


s 


A range of “right-sized” solutions that pick 


up where your contact manager leaves off, 


Front > 


SOL VFI aks 





» 


to take you, your workgroup or company 
to a new level of customer-centric success. 

GoldMine solutions are engineered to 
help you manage the entire customer life 
cycle. Improving customer service. Reducing 
customer turnover. And maximizing sales 
and repeat business 

Centralized information and automated 
lead follow-up mean you'll spend less time 
on busy-work and more time closing new 
business. Plus, you'll be able to track your 
opportunities and forecast sales with our easy 


yet pow erful opportunity management tools. 


GoldMine, FrontOffice 2000 and other FrontRange products and brands are registered trademarks or trademarks of FrontRange Solu 


registered trademarks or trademarks of their r 


's/companies. Copyright 


2001 FrontRange Solutions Inc. All Rights Re 





Me | 
itonere(Vets °F 






GoldMine 


to link sales and marketing, service and 


gives yousthe Hexibility 





support and Management Intelligence into 
a front-to-back customer-driven solution 
You can import your data directly from 
your current contact manager with out 
convenient conversion utility. So why not 
do it today? Call or visit our website now 


for more information! 


www.trontrange.com 


1-800-532-6259 
(@ GoldMine 


in the U.S. and/or other countries. Other products an 








38 COMPUTERWORLD October 1, 2001 


BUSINESS 


TEI business responsibilities at 
True Value and WineShop- 
| per.com. “Where once there 

might have been 


over a hundred 


are available, and some are 


Successful Strategies for 
Today’s CIO Job-Seekers 


Inc. in Palo Alto, Calif.; and 


Gloria Gordon, vice presi- 


OUT 
— more qualified than others. 
“If you’re someone who 

jumped up into a 

CIO role without 

the requisite lev- jobs available, 
now there might 
be less than 20. 
Where major 
projects might 
have been under 
way totaling mil- 
lions of dollars, 


el of seasoning, 
you're probably 


as ni ; finding yourself 
F YOU’RE AMONG THE TOP CIOS — Say, 


the upper 5% to 10% — you’ve probably 

emerged relatively unscathed from the 

downturn in the job market. After all, the 

top-tier CIOs who can deliver millions of 
dollars of value to multibillion-dollar Fortune 500 
companies are always in demand. 


somewhat disen 
franchised in this 
down market 


dent of the technology and 
e-business practice at A.T. 


Kearney Inc. in Los Angeles. | when a lot of FRAN QUITTEL is a techni- 
cal staffing consultant 
in Emeryville, Calif., and 
writes the biweekly 
Career Adviser column 


for Computerworld. 


now capital 
spending and de- 
velopment proj- 


But if you’re a senior, ex- | good talent is 
available,” says 


Tom Thomas, 


perienced IT professional 


| wondering why your CIO 


Some CIOs are still com- 
manding compensation 
packages with base salaries 
as high as $250,000, healthy 
stock options and bonuses 
that are 25% to 60% of base 
pay, according to commen 


tary from IT executive 
search professionals such 
as Carl Gilchrist at Spencer 
Stuart Management Consul 
tants NV in Atlanta; Barry 
Obrand, area manager at 


Russell Reynolds Associates 


job search is stalled, be 
warned: There’s little 
spillover of high demand 
from that elite group to the 


| 90% below. 


The number of companies 
with top-level openings has 
diminished. More candidates 


Call 1-800-OK-CANON ext. 50 or visit www.imagerunner.com 


ew 


president and 
CEO of Haht 
Commerce Inc. in 
Raleigh, N.C. 
“This is a bare-bones mar- 
ket,” reports Paul Lemerise 
of Rancho Mirage, Calif. 
who has had senior IT and 


ects are imple- 
mented ona 
| ‘breathe air’ basis.” 

So, if you’re a top-level IT 
| manager who is on the mar- 
| ket, what can you expect? 
| Where should you look? 
| How should you interview? 


A box that delivers 
paper documents 
anywhere overnight? 


Introducing the Canon imageRUNNER with document distribution technology. Now you can send 
paper documents anywhere, in any form, at anytime, right over your network or the internet. instantaneously. Simply 
scan a document into the imageRUNNER 5000, and you can send it to any desktop, e-mail address, fax machine, database 
or file server. And since the Canon imageRUNNER is capable of integrating directly with your existing e-mail, lanfax, 


‘2. 


* Requires additional software which is sold separately. Speak to your authorized Canon dealer. 
Canon is a registered trademark and IMAGERUNNER and Canon Know How are trademarks of Canon Inc. IMAGEANYWARE is a service mark of Canon U.S.A., inc. ©2001 Canon U.S.A., inc. 





COMPUTERWORLD October 1, 2001 


And what will you be paid? 
First, expect that your job 
search will take longer than 
your previous searches, and 
depend less on geography 
and more on your selected 
industry, which traditionally 
impacts job seekers earning 
less than $100,000 per year. 

“Although Wall Street 
bonuses are surely not what 
they used to be, finance — 
including insurance services 
and consumer finance com- 
panies — energy and health 
care still remain very 
strong,” says Obrand. 

And while jobs in govern- 
ment and education may be 
harder to identify, these 
fields are growing tech- 
nology users, though taking 
that route might make re- 
turning to mainstream com- 


BUSINESS® | 


mercial IT more difficult. 

Second, recruiters are 
again being flooded with 
résumés. The best way to 
get into the loop of current 
openings is to network your 
way into the inner-circle 
CIO fraternity, which is 
harder to do if you’re on 
the outside looking in. 

This is the time when 
you should call in those chits 
from helping executive-level 
recruiters who have called 
you looking for leads. It’s 
also when you must leverage 
deep contacts with people 
who know about the latest 
projects under way. Pick up 
the phone and call the peo- 
ple who have worked for you 
and gone on to other venues. 


In addition, CIOs typically 


report at board meetings. 


Or a box that 


You're definitely at an ad- 
vantage in interacting with 
board members who re- 
member your strengths 
when seeking talent to solve 
problems among their 
clients and customers. In 
short, today’s job market is 
a networking game. 

Moreover, once you get 
your foot in the door and 
start interviewing with a 
CEO, there are a few wrin- 
kles you must smooth. You 
must be able to present 
yourself as someone who 
can pinpoint and solve busi- 
ness problems correctly and 
quickly, whose forecasting 
capabilities leave no margin 
for error and whose bud- 
getary sense is flawless. 

“If you are being inter- 
viewed by a CEO, you want 


him to think you are a mira- 
cle worker,” notes Neil Fox, 
CIO of Management Re- 
cruiters International Inc. 
in Cleveland. 

“The magic words are ‘I 
can do more with less,’ ‘I’ve 
taken a good look at the orga 
nization, and I believe we ei- 
ther have the right people 
doing the wrong things or 
the wrong people doing the 
right things,’ and ‘With these 
steps, we'll be able to achieve 
this specific goal.’ If you can 
do more with less and get 
some belief around it, this 
works,” Fox says. 

Moreover, you must target 
the scope of the job you’re 
after to a particular type of 
firm. If you want to work in 
a smaller organization, you'll 
need to wear lots of hats. 


39 


I inally, the good news 
Even if interviewing and ne 
gotiating take longer than 
you’ve previously experi 
enced, executive compensa 
tion packages hardly ever 
decrease. While today’s 
bonuses will fall below last 
year’s average of 40%, this 
year’s base salaries have 
risen 4% to 5%, notes Keith 
Fortier, a compensation con- 
sultant at Salary.-com Inc. in 
Wellesley, Mass. 

And “don’t be afraid to 
load up on low-priced stock 
options,” counsels Fortier. 
“This is the exact time to 
cherish getting stock op- 
tions, grants and all kinds of 
performance shares, because 
18 to 24 months down the 
road, these options could be 
worth multiples more.” D 


delivers them instantly 
over the internet? 


and document management software, you can maximize your investment 
in these systems* The cost and hassle of overnight delivery are finally 
over. At Canon, we’re giving people the know-how to make paper 


documents work in an internet world. SCAN SEND desktop PRINT 


Canon know How” 














Portals: 
Build Them Right 
And They Will Come 


Fast on their way to becom 
ing the primary way profession 
als share information, portals 
are red hot within organizations 
today. But to paraphrase a 
popular movie, if you Duild a 
portal, will they come? And if 
users ( ? 


stay 


ome, will they 

The short answer is, “not 
necessarily.” The reason is that 
firms don’t always don't take a 


true customer-centric approach 
to building portals to assure an 
optimal user experience 
Moreover, firms frequently 
underestimate the complexity 
of integrating legacy data and 
other information sources to be 
linked with portals 

“When building portals, you 
need to think in terms of end to 
end business outcomes and the 
notes Terry 


complete lifecycle. 


Hisey, V. P. and G. M., e-Business 


at Unisys. “The corporate porta 


begins with an alignment 
between business and portal 
Strategies incorporating the right 
information, from whatever 
source, and delivering it in a pro 
ductive and time-sensitive man 
ner to a personalized interface.” 
To make this dream a reality 
for clients, Unisys has combined 
its rock-solid experience in con 
sulting and integration with break 
through patent-pending method 
ologies. To learn how Unisys 
can help conceive, build and 
manage world-class portals, visit: 


www.aheadforebusiness.com 


siness.com 


ww aheadforebu 





We have a head for e-business 
Se 











1 BUSINES 


WORKSTYLES 


A Staff the Size of a City 


IT infrastructure: “PMMC has two 


sets of consolidated data centers that : 


support all five operating compa- 
nies, and then each company has its 
own IT staff. I worked in IT at Philip 
Morris U.S.A. for four years, and I’ve 
been here two years.” 


Mission-critical systems: “In 
PMMC, an [enterprise re- 
source planning] system for 
finance and human re- 
sources. We're two years 
into a big ERP initiative to 
implement common HR 
processes globally across all 
of our operating companies. 
“The system will give us 
consistency in how we cap- 
ture information but will 
still allow for differences in 
rules and regulations across 
locations. I worked on the 


design for 18 months at Philip Morris : 


U.S.A., and helped re-engineer the 
HR processes. We just had the first 


rollout to a small European office [in : 


July], and we'll continue to roll it out 
over the next few years. 


“Now I’m working on Web site de- : 


velopment and trying to bring ina 
content-management approach that 
will enable people to manage con- 


tent delivery with very little interfer- : 


ence from IS. We've rolled it out 
here [at PMMC], and we’re piloting 
a few tests to see if it could work as 
an enterprisewide solution.” 


: done. Certain aspects of Philip Mor- 
ris U.S.A. are very efficient, but if 

: you want to turn a very big ship, it 

: can take a little time. Here [at 

: PMMC], when you need to get 

: something done, we’re small enough 


Philip Morris 


: are not a give 
: not universal.” 


COMPUTERWORLD October 1, 2001 


: review yearly, but a part of that is 
: having regular reviews quarterly. 


Solving IT Challenges for 


Managers are encouraged to talk to 
their employees throughout the year 
and keep the lines of communication 
open. Some managers do reviews as 
often as every two months.” 


Bonus programs: “There are merit 


: programs for all employees across 
: the company. There are no IT- 
: specific bonus programs. Raises 


n, and bonuses are 


Workday: “We start be- 
tween 8 and 9 [a.m.]; 
most people are typi- 
cally in the office 10 
hours.” 


Management Corp. 


Interviewee: Donna Evans, senior 
project manager 


Company: Philip Morris Management 
Corp. (PMMC), the administrative ser- 


vices arm of Philip Morris Cos. 
Main location: New York 


Number of IT employees: More than 


420 in PMMC 


that you can walk across the hall and : 
get it done very quickly.” : 


What's the biggest misconception about 
working at Philip Morris? “Everyone’s 
reactions are different, but for the 
most part, people don’t know what 
we really stand for. We’re more than 
just a tobacco company. We own the 
largest food company in North 
America and the second-largest 
brewing company in the U.S. So 
there are times when people ask 
questions that are negative, but that 
stems from the fact that they think 
we are a one-product company.” 


What are the differences between work- : 


ing at PMMC and Philip Morris U.S.A.? 
“Philip Morris U.S.A. is absolutely 
huge. It had about 40,000 people 
when I was there, and when you're 
developing applications, you can 
have great impact because there are 
so many users. The first system I 
worked on there saved about two 
months per sales cycle because 
salespeople could use their time 
more efficiently. 


“So you can create some great effi- : 


ciencies because of the scale, and 
that’s a great feeling. But you’re also 
just one of many, and that can be 
daunting. It took longer to get things 


IT training: “Because we have such a 
wide range of IT initiatives, there’s 
not one single training event that 
everyone does. Near and dear to my : 
heart are content-management train- 
ing and XML training.” : 


IT career paths: “There’s not a formal 
path, but it’s common to grow your 
breadth and depth of technicalex- 
pertise with different business expe- : 
rience. For example, I’ve been in two : 
operating companies in six years, : 
and I hope to work in another.” 


: Employee reviews: “We have a formal 


Dress code: “For every- 
one in New York, it’s 
business. We wear 
suits, even in IT. The 
dress code for different 
locations varies be- 
tween business-casual 
and business.” 


Security badge/card 

needed to get into build- 
ing or office? “Yes, to get into the 
building and on every floor.” 


Office decor: “We have fantastic art. 
The company has been supporting 
the arts for 45 years now, and in the 
[lobby] of the building, we keep an 
exhibition space that we partner on 
with the Whitney Museum of Amer- 
ican Art.” 


Other on-site amenities: A doctor’s of- 
fice, a fitness center, a hair stylist, a 
credit union and a company store. 


Little perks: “We have lots of informal 
activities, like celebrating birthdays, 
marriages, births. And there are lots 
of employee discount programs — 
for movie tickets, Broadway shows, 
amusement parks and Indy car 
races.” 


The last word: “In the first 10 to 12 
years of my career, I had to jump 
ship every three to four years to gain 
the experience I wanted. But it’s 
hard to imagine jumping from here, 
because it’s a great place to work 
and you get to touch a lot of differ- 
ent technologies.” 
- Leslie Jaye Goff 
Igoff@ix.netcom.com 





Want to see how fast a company can deliver the most unified, 
multi-channel e-business solutions for financial services? 


MIU IMO eli isecod Oc Ome HRM elas austieues and brokerage, 
there’s someone equipped to deal with the complexity. Unisys. Our global 
experience extends deep into the world of financial services. Rather than 
giving you part of the solution, we deliver all of it, unifying your back office 
with your front office. We'll help deploy your services through multiple 
channels, from mobile and iTV, to ATM, branch, call center and the Internet 
As your strategic partner, we'll unify everything with your existing legacy 
systems. We've done it before and we're ready to do it again for you 
Visit us at www.aheadforebusiness.com. 


UNIS 


NMEA cee Milstelt mtg 





BUSINESS! 


Dear Career Adviser: 


I have 12 years of experience in all aspects of 
security, plus a bachelor of science degree in 
computer science, an MBA and an MSCE from 
excellent schools. I have been a chief technolo- 


goal of moving into a CEO role. But 
instead, I’m getting more offers for my 
technical skills. 


gy officer twice — once at a small com- 
pany for four years, and then most re- 
cently at a large company for just one 
year. MAJOR-LEAGUE PLAYER 
My employer has merged with anoth 
er company, and the merger has rede- Dear Major: 
Your 12 years of experience are pri- 
marily in technical areas, with several 


fined the scope of my position. 
I'd like to move to another major com 
pany in a CTO-level position, with the 


LEGAL NOTICE 
U.S. POSTAL SERVICE 
STATEMENT OF OWNERSHIP, MANAGEMENT and CIRCULATION 
(Required by 39 U.S.C. 3685) 


Title of Publication: Computerworld 
Publication No.: 00104841 
Date of filing: October 1, 2001 
Frequency of issue: weekly, with a single combined issue the last 2 weeks of December 
Number of issues published annually: 51 
Annual subscription price: $68.00 
Location of known office of publicatior 
(Middlesex Central County) 
tion of the headquarters of general business offices of the publishers: 500 Old Connecticut 

é Framingham, MA 01701-9171 (Middlesex C 
Names and addresses of the publisher, editor and executive editor: Publisher, Joe Levy, 500 Old 
Connecticut Path, Framingham, MA 01701-9171. Editor-in-Chief, Maryfran Johnson, 500 Old Con 
necticut Path, Framingham, MA 01701-9171. Editor, Patricia Keefe, 500 Old Connecticut Path 
Framingham, MA 01701-9171 
Owner: International Data Group, 1 Exeter Plaza, 15th Floor, Boston, MA 02116-2851 
Known bondholders, mortgages and other security holders owning or holding 1% or more of total 
amount of bonds, mortgages or other securities: International Data Group, 1 Exeter Plaza, 15th 
Floor, Boston, MA 02116-2851 
For completion by nonprofit organizations authorized to mail at special rates: Not applicable 
Publication Name: COMPUTERWORLD 
date for circulation data below: September 24 


Extent and nature of circulation 


500 Old Connecticut Path, Framingham, MA 01701-9171 


Issue 2001 
Actual No 
Copies of | 
Single Issue | 
Published | 
Nearest to 
Filing Date | 
259,740 


Average No 
Copies Each 
Issue During 
Preceding 
12 Months 


f 261,596 


A. Total r opies printed (net press run) 
B. Paid and/or requested circulation 

1. Outside-County Mail Subscriptions State on Form 3541 251,009 251,075 

2. In-County Subscriptions 0 0 

3. Sales through dealers and carriers, street vendors, counter 

sales, and er non-USPS paid distribution 0 0 

4. Other classes mailed through the USPS 0 0 
C. Total paid and/or requested circulation 251,009 
D. Free distribution by mail, carrier or other means, samples 

complimentary and other free copies 

1. Outside-County as stated on form 3541 5,248 

2. In-County ted on form 3541 0 

3. Other classes mailed through the USPS 0 
E. Free distribution outside the mail, carriers or other means 4,721 
F. Total distribution (Sum of D and E) 9,969 
G. Total distribution (Sum of C and F) 260,978 
H. Copies not distributed 618 
|. Total (Sum of 15¢ and 15f — should equai net press run shown in A) 261,596 
Percent paid and/or requested circulation (15C/15G x 100) 96.2% 
| certify that the statements made by me above are correct and complete 


ber o} 


2,919 | 
8,045 
259,120 | 

620 
259,740 
96.9% 


Robert Wescott | 
Distribution Manager 


fd 


short hops at smaller companies, start- 
ups and universities. That contrasts 
with your most recent experience of 
one year as CTO at a major company. 

There is considerable talent avail- 
able in the current job market — talent 
that offers both more business experi- 
ence and more consistent, longer stints 
at fewer large companies than you do. 
So it’s no wonder you're getting more 
offers for your technical expertise in 
security rather than as a leader of an 
entire business. 

You might prefer to skip some steps 
to reach your goal faster, but the cur- 
rent employment market won't allow 
you to leapfrog like you could have 
done in the tighter employment mar- 
ket just a year ago. 

According to Tom Thomas, presi- 
dent and CEO of Haht Commerce Inc. 
in Raleigh, N.C., you're most likely to 
reach a top slot if you can show logical 
progression in your ca- 

eer. This includes career 
stability that involves 
working your way into 
consistently larger roles 
at one company where 
you also begin to influ- 
ence the business as a 
whole. 

You might consider 
joining a Big 5 consulting 
company, eventually be- 
coming a practice leader. 
Then take on a senior 
management role within a 
company. 

Alternatively, you could ios 
consider joining a division of a Fortune 
1,000 company in a senior technical 
role. Then you could work your way 
up within the one company, perhaps 
becoming the president of a division 


before becoming the president/CEO of | 


either that overall company or another 
organization. Patience and planning 
are requisite, since this will take time. 


Food for Thought 


Perhaps the pressures are getting too great. 


Maybe the work is piling up too much. Possi- 
| bly nobody likes them anymore. Whatever the 


reason, IT managers definitely need to get out 


| more at lunchtime. A new survey by Manage- 


ment Recruiters International Inc. in Cleve- 
land finds that most managers now spend at 
least one day a week eating lunch at their 
desks. Nearly one-third said they spend three 


FRAN QUITTEL iS an expert 
in high-tech careers and 
recruitment. Send 
questions to her at 
www.computerworld.com/ 

career_adviser. 


~ COMPUTERWORLD October 1, 2001 


Dear Career Adviser: 

Iam a 12-year software industry tech- 
nical writer veteran in the Midwest 
looking for a new home. I am interested 
in whether companies are still investing 
in training and whether opportunities in 
training might be something for me to 
explore. I have some programming 
knowledge and expertise in writing 
product and user documentation. 

TECH WRITER TO TRAINING 


Dear Tech Writer: 


Training investments are suffering 
in today’s economic downturn. But 
you can still make the shift if you have 
instructional design and great presen- 
tation skills, plus deep subject-matter 
expertise. 

Areas in which demand for training 
is strongest include wireless IP infra- 
structure and data mobility, optical 
networking and storage- 
area networks, counsels 
Eric Goldfarb, CIO of Glob- 
al Knowledge, a training 
company in Cary, N.C. 

The more knowledge- 
able you are in terms of 
pure technology, the faster 
you'll be at making this 
switch. 

Seek out companies with 
proprietary technology 
that have multiple audi- 
ences, with each requiring 
training as a core part of 
their business, notes Randy 
Nelson, Dean of Pixar Uni- 
versity, at Pixar Animation Studios in 
Emeryville, Calif. 

Look for companies that need to 
train internal developers, external de- 
velopers and end users in software, a 
tool set or a product line, advises Nel- 
son. Finally, stay away from companies 
that put training far from the true 
business core. D 


lonely lunch hours at their desk weekly. And 
10% have no lunch life at all, spending every 
lunch hour at their desks. 


Too Much of a Techie? 


Not possible, said many ClOs participating in 
a recent study by Menlo Park, Calif.-based 
RHI Consulting. 

When asked what one skill area they would 
like to see improved in their IT workers, 34% 
of the CIOs polled said technical skills, 23% 
said project management skills, 13% said 
verbal and written communication skills, and 
10% said interpersonal skills. 





COMPUTERWORLD October 1, 2000 = TE CH 4 0 | 0 GY 43 


NICHOLAS PETRELEY 


Let’s Get Organized 
HAVE A THEORY ABOUT WHY we aren’t recovering from the dot- 
com implosion as quickly as we ought to be. Perhaps it’s just myopia, 
but I blame at least a portion of our economic woes on the disorgani- 
zation of information on the Web and the fact that the current state 
of technology doesn’t deal well with this chaos. 


Aaa 
CONTROLLED ACCESS 


With privacy a growing concern, 
IT managers are looking to closely 
manage access to their largest 
repositories of information: data 
warehouses. Good tools are avail- 
able, but decisions about defining 
user access to information must 
come first. PAGE 44 


CRIMINAL RECORDS 


A Linux-based document-imaging 
system helps the Queens County, 
NY., district attorney keep track of 
documentation for 50,000 criminal 
cases per year and makes them eas- 
ily accessible. PAGE 46 


HANDS ON 


Reviews editor Russell Kay offers a 
roundup of gadgets that can make 
life easier and more productive 
for those who must travel with a 


EMERGING COMPANIES 


RLX’s compact blade servers 
promise to cut power require- 
ments and conserve space in Inter- 
net data centers. But the competi- 
tion could be stiff as Compaq and 
other industry heavyweights race 
to catch up with blade servers of 
their own. PAGE 51 





There’s plenty of information on the Web. Once 
we pass the threshold where information is truly 
accessible to the masses, the Internet will become 
the indispensible foundation of our future economy. 

Tim Berners-Lee has attempted to help create the 
kind of information infrastructure that would sup- 
port such a future. If you want a glimpse of what 
he has in mind, read the Scientific American article 
titled “The Semantic Web,” by Berners-Lee, James 
Hendler and Ora Lassila (www.sciam.com/2001/ 
O50lissue/050lberners-lee.html). 

The article begins with a bit of a science fiction 
story in which people converse with Internet appli- 
ances the way the astronauts talked to the HAL 9000 
computer in 2001: A Space Odyssey. Why is it science 
fiction? We have adequate speech-recognition and 
synthesis technology. It’s just not affordable yet. 
What we really lack is an intelligent structure for the 
way we store information on the Web and an intelli- 
gent way to interpret and retrieve that information. 

If you want to see just how far we are from the 
goal, try this sort of test on any of a number of Web 
search engines that accept natural-language queries. 
I consider the site Ask Jeeves (www.ask.com) to be 
reasonably good, so I asked it, “What is the Semantic 
Web?” It came up with an excellent list of links. 

The question “What are the long-term side effects 
of phentermine (a weight-loss medication)?” may 
have produced some starting points, but it didn’t 
give me a link with a direct answer. 

But Ask Jeeves failed miserably when I asked 
questions like “How can I turn on TCP 
Syn Cookie support in the Linux kernel?” 
or “What was the name of the ship in the 
movie 2001: A Space Odyssey?” Yet these 
are extremely specific questions contain- 
ing all the information necessary to find 
precise answers. 

The Semantic Web addresses this very 
issue. It applies standards like XML and 
the Resource Description Framework 
(RDF) to the way we store and categorize 
information on the Web in order to make 
it possible to interact intelligently with 
the Web. 





NICHOLAS PETRELEY is a 
computer consultant and 
author in Hayward, Calif. 

He can be reached at 

nicholas@petreley.com. 


Now don’t get me wrong. I’m 100% gung-ho 
behind XML, RDF or any other acronym that might 
make Web information more accessible. But all one 
has to do to sprinkle some reality dust on this fan- 
tasy is to browse through a few XML files. What 
you'll find are the limitations of the standards and 
of the humans who apply them. 

For example, the program Evolution by Ximian 
Inc. uses an XML configuration file that includes 
this line: “<entry name=“path” type=“string” value 
“2£7573722£62696e2f677067"/>.” If you have your 
secret programmer decoder ring on, you'll know 
that the string beginning with “2f” is the hexadeci- 
mal representation of the ASCII string “/usr/bin/gpg.” 
But if you didn’t have a clue, why would you expect 
a search engine to do any better? 

Perhaps that is a poor example, because a well- 
designed engine should understand that “0” and 
“False” are the same Boolean value. And it might 
even discern the difference between text strings and 
hexadecimal ASCII. But if there is ambiguity among 
simple data types, how can we expect XML to make 
it easier to share complex data? 

The problem is that the Extensible in XML means 
we get to make up stuff. If we all agreed on what we 
made up, the metatag keywords in the HTML header 
on your Web site might actually mean something. 
But they usually don’t. That’s mostly due to innocent 
differences of opinion. 

And it can only get worse if some hypothetical 
monopolistic company exploits the extensibility of 
XML to make its data more accessible to 
some software than to others. 

So, is there any hope? Enter the RDF, 
another piece of the Semantic Web. We'll 
examine RDF in my next column to see 
if it can do what XML alone can’t. In 
the meantime, assuming your particular 
Linux kernel supports the feature, you 
can turn on Syn Cookies with the com- 
mand “echo 1 > /proc/sys/net/ipv4/tcp 
syncookies.” And the name of the ship is 
Discovery. Sorry, but I don’t know any- 
thing about the long-term side effects 
of phentermine. D 





TECHNOLOGY 


ISING CONCERNS about privacy 
mean that the security of sensi 
tive information such as medical 
and financial data and informa- 
tion about children is coming un 
der tighter scrutiny these days 
And this is forcing IT managers to 

turn their attention to the richest repositories of 

such data: their data warehouses. 

But for many businesses, just defining the roles 
and purposes of those staffers accessing such data 
can be daunting. Consider that a single hospital ad 
mittance could result in a patient’s records being 
viewed by more than 150 people, both inside and 
outside the hospital, according to a study by Pre- 
dictive Systems Inc., a New York-based technology 
consulting firm. 

Fortunately, data warehouse software and the ap- 
plications that serve such warehouses are relatively 
mature. Database software can define access down to 
the object level. And tools to automate user account 
management are particularly helpful in large use1 
environments. 

The first step in data warehouse security is defin- 
ing what data needs protecting, which can be more 
difficult than it sounds, according to IT managers. 

“[Legislation] talks in general terms about what 


GUARDING 


7e.% 


With Sipe a ie concern, IT 
OO 


Manager#s are 


ng to closely manage 


access to their largest repositories 0 
information. By Deborah Radcliff 


COMPUTERWORLD October 1, 2001 


data needs protecting and provides little of what 
kind of data and what kind of protection that data 
needs,” says Mike Hager, vice president of network 
security and disaster recovery at New York-based 
Oppenheimer Funds Inc., a wholly owned subsidiary 
of Massachusetts Mutual Insurance Corp. in Spring- 
field, Mass. 

The key to passing all forms of regulatory muster 
is defining “personally identifiable information” and 
then limiting access to that information to only those 
with a need to know. 

For example, you don’t want a statistician mining 
for demographics on sexually transmitted diseases to 
also have access to the names and addresses of indi- 
vidual patients with such diseases. Access rights to 
this type of data must be fine-grained enough that a 
statistician can only gather broader demographics 
like age, sex or region. 

And that means defining user roles, says Hager. 
“The real key here is being able to define who has ac- 
cess to what. Without a role-based security model, 
there is no way of accomplishing this,” he says. 

It took Hager’s team six months to define the roles 
of Oppenheimer’s 2,500 users, 400 of whom require 
access to the data warehouse. 

“There’s a business process that must take place 
before you can automate this,” Hager explains. “You 
need to identify group and individual user rights, 
which we did by going over [human resources] ac- 
counting codes and then going to business units and 
asking everyone to justify their access needs. And 
now they must also fill out an annual review form.” 


Tough Questions 

Once you know who requires access to the ware- 
house, it’s time to measure the technical controls 
around those users. That means asking some tough 
questions: 

@ Are access controls fine-grained enough to 
limit personal-data access to only those who need 
to know? 

g Are access-control lists current? 

w How is access to personally identifiable informa- 
tion kept from users who need access to only some 
of the data in a particular account? 

Relying on paper records stating who has access to 
data makes auditing difficult because there’s no one 
place to see who’s accessing what and for what pur- 
pose, says Hager. And if you can’t figure that out, he 
adds, how can you ensure that only those with a need 
to know see just the data they need to do their jobs? 

“Say a health care inspector walks into the office 
and says, ‘Show me who needs access to this priva- 
cy data, and show me how you restrict it.’ Ninety- 
nine percent of companies won't be able to do this 
because they only have bits of paper,” Hager says. 
“Administrators just grant the access when it’s re- 
quested on a piece of paper. Ard they don’t track 
these permissions.” 

Hager decided that he needed to automate this 
process, so he chose a provisioning rights manage- 
ment tool from Access360 in Irvine, Calif. But such 
tools don’t automatically populate themselves, so 
Hager’s team first had to define user roles manually. 

But now that user privileges have been populated 
into the Access360 product, role-based privileges are 
automatically updated directly from the human re- 





COMPUTERWORLD October 1, 2001 


~ TECHNOLOGY 


Privacy Protection in and 
Around the Data Warehouse 


BIG-IRON/LEGACY SYSTEMS 


° Tra Jitional access control 


FIREWALL/ROUTER 
* Encrypt data for transport 


APPLICATION SERVER 
Jen operating system © Authenticate 


ser at the application layer 


FIREWALL/ROUTER 


© Encrypt data for transport 


DATA WAREHOUSE 
* Role-based security and permissions * Encryption of the most sensitive 
objects for additional strength (cumbersome with current technologies) * 
Patch/harden operating system (with third-party kernel encapsulation from 
vendors like Argus Systems) * Reauthentication at the application layer 


FIREWALL/ROUTER 
¢ Encrypt data for transport 


OTHER ENTERPRISE DATA SOURCES 
* Application-level encryption * Patch/secure 
operating systems 


sources manager’s desktop. And if regulators ask for 
a corporatewide data trail, the tool will produce one 
on demand. 

Currently, Blue Cross/Blue Shield of North Caroli- 
na is in the process of determining the roles of every 
person accessing its data warehouse, says Celia 
Fuller, director of data warehousing at the Virginia 
offices of the health insurance provider. 

Chapel Hill, N.C.-based Blue Cross/Blue Shield 
is also planning an update of its two-table access- 
control format within its warehouse. The first table 


KEY AUDIT QUESTIONS 


What type of data is personal and sensitive 
in nature? 


= Which employees in which roles need to 
see sensitive data to do their jobs? 


= Do access controls limit the viewing of sen- 
sitive information to only those people with 
a need to know in order to do their jobs? 


= How is data protected from crackers? 


FIREWALL/ROUTER 
* Encrypt data for transport 


WEB SERVER 
 Patch/harden Web server software  Patch/harden operating 
system © Turn off unused vulnerable services and ports ¢ Strong 
user authentication (such as with smart cards or biometrics) 


includes nonencrypted data that’s accessible only 
through role-based access controls built in SQL na- 
tive to the database itself. These role-based privi- 
leges are fine-grained enough to determine who can 
read, write and delete specific objects in the ware- 
house, says Fuller. 

The second table contains data encrypted with 
proprietary low-level (30- to 40-bit) encryption, re- 
quiring a second-level paper sign-off by management 
before a higher level of authorization is granted. 

Database developers at Blue Cross/Blue Shield are 
now working out ways to merge all of the data back 
into a single table and put higher-level encryption on 
top of the most sensitive data. 

Blue Cross/Blue Shield is encrypting a small num- 
ber of fields, so key management isn’t an issue. How- 
ever, warehouses with large users bases and multiple 
fields are difficult to encrypt because of key-manage- 
ment problems, say experts. 

But encrypting data in the warehouse is important, 
say IT professionals, because if the database were 
compromised by disgruntled employees or outside 
attackers, the data itself would be unreadable. 

Some vendors are releasing software with a menu 
of encryption options and built-in key management 
that they say should make database encryption easier 
in the near future. One example is DbEncrypt from 
New York-based Application Security Inc. 


45 


“Database access controls and even low-level 
encryption are useful, but how do you manage the 
keys and user passwords to secure those? You « 
take a file and encrypt it and put the key next t¢ 
hat’s just as insecure as using no encryption at 
all,” says Aaron Newman, chief technology officer 
at Application Security. DbEncrypt stores keys in 
hash-only algorithms that can’t be read or tampere 


with, he says. 


Drawing It Out 

he tools that pull data from the warehouse als¢ 
carry additional features that can protect very fine 
grained data sets, something that’s particularly im 
portant if that data is drawn from the Web by large 
numbers of users. 

For example, Owens & Minor Inc., a Fortune 500 
hospital supplies distributor in Glen Allen, Va., has a 
mature data warehouse called Wisdom in which 
browser-enabled customers and suppliers can ana 
lyze their own purchasing and sales information for 
potential cost-reduction areas or wasted inventory 
Because the application is Web-based, it was impera 
tive that customers and suppliers be prevented from 
crossing over into one another's data, says Don 
Stoller, director of information management at 
Owens & Minor. 

Stoller’s team engaged security feature sets in its 
data mining software from San Jose-based Business 
Objects SA that lock together individual user IDs 
and their associated access privileges and manages 
those accounts, along with native, SQL-based privi- 
lege statements. 

So when users log in to Wisdom, a SQL query 
checks against a security database that automatical 
ly builds a “where” statement to the log-in account 
and password. The “where” statement is generated 
each time that account number logs in and only 
runs the data associated with that account number 
and password. 

As businesses move a greater number of such 
data mining applications to the Web for their custo 
mers or suppliers, securing the surrounding appli- 
cations and transport layers is just as important as 
securing the warehouse controls themselves, says 
technology strategy consultant, Stefan John Silver 
man, president of SJS Associates NA, an IT devel 
opment firm in San Francisco. 

For example, Silverman oversaw development last 
year of a new medical diagnostics service available 
to patients over the Internet. That meant that critical 
information had to pass from legacy systems to the 
data warehouse, to a Web server (upon receiving a 
user-initiated SQL query) and over the Internet. 

He decided that the only way to do this was to en- 
crypt everything in transport and on the servers, cre 
ate a firewall for each transport link, authenticate 
user IDs and access rights for each application and 
data set, harden each machine’s operating system, 
and transmit over the Internet using Secure Sockets 
Layer browser-embedded encryption. 

“Anything that’s Internet-accessible is scary, espe- 
cially if it’s medical or financial data,” Silverman 
says. “If personally identifiable medical data gets on 
the Internet, it could impact peoples’ lives, their 
standing in the community, their ability to get insur- 
ance or even employment.” D 





’ TECHNOLOGY COMPUTERWORLD October 1, 2001 


N QUEENS COUNTY, N.Y., the 
district attorney’s office was 
running out of storage space 
as fast as it was running out 
of money to rent more. Of the 
19,500 cubic feet of case 
: i r records storage space avail- 
P > » ee 7 ‘ a a aca Ce 
At one time, bog Bere Gem | able to the office, only 775 cubic feet 
>» he 7 ¢ . : Lents remained. The reasons were many: an 
we had 17 data e as | ons we y: 
se ae / increase in the number of prosecutions, 


entry people. Es SNe oe 4 | anincrease in the amount of paperwork 
associated with the prosecutions and 


NI TXKS qWe : Ors 
Now we hav C : , cp ; ipa | the reduced availability of off-premises 
just three. ; sai ¥ | storage space in New York City’s ware- 


b: , , | houses. 
ROBERT SCHLESINGER, ea AN E ; The finger-in-the-dike answer was 
DIRECTOR OF INFORMATION _ os | to accelerate microfilming of closed 
SERVICES, QUEENS COUNTY : “ | 


case records to gain maximal use of 
DISTRICT ATTORNEY'S OFFICE 


the dwindling space. The office also 
rented temporary warehouse space at 
$25,000 per year, using money it would 
rather have spent putting criminals 
in jail than papers in a file. Clearly, a 
less expensive solution was needed. 
Besides the cash outlay, managing a 
quarter-century’s worth of closed case 
records stashed at a half-dozen sites 
was time-consuming and inefficient. 
Many of New York City’s agencies 
suffered from the same problem, and 


they were all scrambling for affordable 
answers. Working with a $100,000 
funding allotment from the state gov- 
ernment, the district attorney’s office 
was the first to find one. Together with 
custom integrator Image Work Tech- 
nology Corp. in White Plains, N-Y., the 





THE DA‘s OFFI 





COMPUTERWORLD October 1, 2001 


office tried a novel approach. It used 
Linux for something other than run- 
ning Apache Web servers. 

“If we can afford it, we will look at 
any promising technology to solve 
problems, even if it’s not mainstream,” 
said Richard A. Brown, the district 
attorney. 


(Red) Hat in Hand 


Using Windows NT or Windows 
2000 for the office’s 425 users wasn’t 
something the office could afford. 

In seeking alternative solutions, 
Brown and his technical staff selected 
Red Hat Linux 6.0 from Red Hat Inc. in 
Research Triangle Park, N.C., to power 
a newly acquired Dell Computer Corp. 
document imaging server. Linux’s ap- 
peal stemmed from its low acquisition 
cost, high availability and the tech sup- 
port staff’s prior familiarity with Data 
General’s version of Unix. 

From the perspective of the system’s 
users, the choice of Linux was transpar- 
ent. Clients are Windows 98 machines 
that use Internet Explorer to view the 


At the Queens County District Attorney’s Office, keeping track of 
all the documents associated with the 50,000 criminal cases it 
processes each year is a family affair. There, necessity is the 


mother of invention, funding is the father, and the prodigal child 
turns out to be a penguin. 


imaging files stored on the Dell server. 
The system handles 85 to 100 inquiries 
per day. 

The document-scanning and image- 
storing programs are custom applica- 
tions written by ImageWork. The scan- 
ning repository, built on top of IBM’s 
DB2 database, communicates with the 
office’s existing case record database 
from EMC Corp.’s Data General unit 
via a custom Visual Basic interface. 
Data General’s database and the Lin- 
ux/DB2 imaging database each run on 
independent, interconnected servers. 

Despite the potential complexity of 
integrating the Data General database 
and the DB2 database plus the two 
custom applications, the project went 
flawlessly. Almost. 

“One of the very few technical prob- 
lems that arose with the Linux OS and 
the custom interface stemmed from 
Linux’s tendency to leave an applica- 
tion running even when the applica- 
tion’s window is closed. In Windows, 
closing the window usually shuts 
down the application,” said a much- 


E GOES 


enlightened Kevin Hansen, Image- 
Work’s president. Until ImageWork 
discovered and fixed this quirk, users 
inadvertently launched multiple copies 
of the Linux database and experienced 
some odd results. 


On Second Thought 


Automating manual filing processes 
provided an opportunity to update 
workflow channels, and it posed a 
challenge. Many of the nontechnical 
problems that the district attorney’s 
tech support staff and Image Work 
had to overcome were procedural. For 
example, they needed to dynamically 


assemble and collate multiple copies of 


each case record each time the records 
changed so prosecutors had access to 
all the latest data all of the time. 

“The greatest challenge was achiev- 
ing common definitions,” says Robert 
Schlesinger, director of information 
services at the district attorney’s office. 
He says tracking an average of 50,000 
cases per year, each containing five to 
100 pages, proves a Herculean task. 

“Each of those 50,000 cases usually 
consists of documents that affect all 
the defendants arrested on the related 
offense,” he explains. “That case 
record must keep all records together, 
even when their cases are eventually 
disposed of in different venues.” 

Through planning, testing and 
retesting, the district attorney’s office 
and ImageWork created a system that 
can track every document or scanned 
image that belongs in a case record 
and relate them to one another. 

The district attorney’s office keeps 
case records for 20 years. With the 
new document imaging system and mi- 
crofilming, officials hope to gradually 
reduce the amount of paper by trans- 
forming it into high-quality replicas. 

Currently, the Linux imaging system 
nolds about SOOGB of data. That in- 
cludes scans and copies of all 1999 case 
records. The district attorney’s office 
is now entering last year’s records. Ed 
Prchlik, the office’s director of system 
management, predicts that storage will 


47 


manually. “At one time, we had 17 data 
entry people,” he says. “Now we have 
just three. That makes us the leading 
agency for data sharing.” Schlesinger 
heads up a tech support group consist- 
ing of seven staffers and four applica 
tion developers/designers. 

The system doesn’t use Linux for 
security. Instead, when a user signs 
in, the system validates his rights, and 
he is allowed to access the Linux image 
server as well as the case records 
database. All connections to the image 
server must first pass through the 
office’s database security system. 

What do the users and technical 
support staff think of the debugged 
system? “I believe Linux will replace 
Unix,” says Prchlik. “It’s full-featured, 
reliable and fast.” 

That could be sooner than later, and 
Schlesinger says that worries him 
somewhat. Although ihe hybrid system 
is operating reliably and all of the bugs 
are apparently out, Schlesinger isn’t 
ready to relax. At least not until he 
learns the future of Data General in the 
aftermath of its 1999 acquisition by 
Hopkinton, Mass.-based EMC, an en- 
terprise storage provider. 

“Our case records system is built on 
Data General’s database and Unix. I 
hope they stay around for a while,” he 
says. On the other hand, if EMC should 
stop supporting Data General’s legacy 
products, Schlesinger theorizes that 
the office’s successful adoption of Lin- 
ux as an application server might just 
be the first step of a two-step journey 

Claiming that there’s “plenty of 
interest,” Schlesinger has fielded in- 
quiries about Linux from other mu- 
nicipal and law enforcement agencies 
statewide. He says his advice to them 
is uniformly straightforward: “Build on 
your tech staff’s existing knowledge. 
Only undertake a project like this if 
you are already familiar with Unix, 
and take it one step at a time.” 

Aside from the pride his tech sup- 
port staff exudes over the system, 
how do the office’s support staff feel 
about it? 

“To me, this new system is a god- 
send. I leapt out of my chair when I 
first heard about it,” says public infor- 
mation officer Mary DeBurbon. “I 
can’t tell you how many calls I get 
each week asking about old cases. 
From now on, I can keep track of 
every crime we are investigating.” So 
move over, Batman; Gotham may have 
just discovered a new symbol of law 


reach ITB within three years. 

Schlesinger says that the office’s goal | _ = 
is to increase accuracy and save time | Millmanisawriter and consultant in 
by eliminating the need to key indata_ | Croton, N.Y. 


enforcement, and it’s a penguin. D 





48 


TECHNOLOGY! 
‘The ‘Traveler's 
Kat Bag, Part | 


A fresh look at devices and computer accessories 
that can make working on the road less onerous 
and more productive. By Russell Kay 


I’S BEEN A WHILE since 


I've written about travel- 


ers’ computing needs, 

and in that time, a steady 

stream of new products 
has appeared. Many of these 
have become regular travel 


| companions because they 


solve some problem for me — 


| and they might for you, too. 


KENSINGTON’S FLYLIGHT, | 

a small LED on the end | 

of a bendable-cable arm, | 

provides light for working | 
in dim surroundings. 


This week’s installment 
deals with various devices. 
Part 2, which will appear in a 
month, will consider how you 
can pack and carry all this 
gear. In between, in the Oct. 15 


issue, I’ll discuss personal 
backup and data storage for 


| travelers. 


Mousing Around 

I’m a dedicated mouse user. 
I dislike touchpads of any sort, 
though I’m much happier with 
those eraser-head-like point 
ing-stick devices. But the truth 
is, | always pack along a 
mouse. Until recently, that 


| could be just about any 
| old mouse. But now 


there are some excel- 


lent choices espe- 


| cially for travelers 


First is the Optical 
Mini Mouse (Model No. 
PAUMO003J, priced at $50), 


| from Anaheim, Calif.-based 
| Targus Inc. It’s about halfthe | 
| size of anormal mouse but has | 


all of the standard functions, 
including a scroll wheel. 
I've carried this several 
times. Its size, however, 
can make it somewhat un- 
comfortable to use for long 


| periods. 


But I also like one that’s 


| even smaller. The $50 Super 


Mini Optical Mouse from 


| Tustin, Calif.-based Atek Elec- 
| tronics Inc. is barely half the 


size of the Targus, meaning 
it’s truly tiny. At this size, 
you don’t really rest your 
hand on it as you 
would with a normal 
mouse; instead, 
you hold and 
operate it 
with your 
fingers. For 
some reason, | 
this fits my 


stead of power (although USB 





hand better 


and is more comfortable to 
use than the Targus unit. Its 
size makes it usable on the 
palm-rest portion of a note- 
book computer, just below the 
keyboard. As with all mice, 
though, it’s important to 
match the device’s size and 
shape to your own hand. 

Still, my preference is a full- 
size mouse. My current 
favorite is the $69.95 cordless 
optical MouseMan from Log- 
itech Inc. in Fremont, Calif. 
And while I’m at it, I always 
pack along a mouse pad — a 
very thin rubber pad that 
takes up very little space. 
Although it’s usually easy 
enough to get along without a 
mouse pad, especially with an 
optical mouse, it can make a 
real difference. 


USB for the Rest of Us 


All three of these mice are 
Universal Serial Bus (USB) 
devices, and that brings up an- 
other necessary item: a USB 
hub. My 2-year-old Dell Lati- 

tude laptop 


| LOGITECH’S 


MouseMan 


| full-size cordless optical mouse is 
| easier to handle than some small- 
| er models made for travelers. 


| has just a single USB port. 


Most newer machines have 


| two, and I’ve seen a couple 


with three. If I want to use 


| more than one USB peripher- 


al, I need help, in the form of 
an extension cord for data in- 

-R 
carries power, too). In short, I 
need a USB hub. 

The first one I ever used 
cost $300 several years ago. It 
was a heavy, bulky, metal- 
cased affair. Now I have two 
much smaller units, each just 
half the size of an eyeglass 
case. These four-port mini 
USB hubs are from Targus 





COMPUTERWORLD October 1, 2001 


(Model No. PAOG6OU, priced at 


| $49) and Compton, Calif.- 
| based Belkin Components 


(Model No. F5U007, for $60). 


| One or the other goes with me 


on every trip. 
The Targus is the smaller of 


| the two, but the Belkin offers 
| stackability (and expansion) 
| with other adapters and a 


choice of colors via slip-on 
covers. Both work fine, though 
I found the Belkin’s tight- 
fitting cover harder to use. 
With either hub, it’s important 


| to take along the AC power 


brick because many USB pe- 
ripherals, including optical 


| mice, draw more power than 
| the hub can deliver. 


And while we're talking 


| about plugging in, Targus has 
a dandy $120 Universal AC 


Power Supply that’s much 
lighter than many of those that 


| come with notebooks. Using a 
| series of interchangeable pow- 
| er tips, the single unit can 

| power many different brands 


and models of notebooks (not 


| all at the same time, of 


course). It comes with a spe- 
cial AC plug that eliminates 


| the need for one more cord. 


Finally, to round out the 
power story, Targus also 
makes an auto/airplane 
universal power adapter 
for the same price. 


New and Neat 
One of the niftiest 
products I’ve seen ina 
while is the $20 FlyLight 
from Kensington Technology 
Group in San Mateo, Calif. 
This small LED on the end of 
a bendable cable arm plugs 
into a USB port. it gives just 
enough light so you can easily 


| use the keyboard in dark sur- 


roundings — like on a red-eye 
flight — but it hardly adds to 
the battery drain. 

Kensington claims that the 
FlyLight saps just 90 seconds’ 
worth of power per hour of 
battery life. The only compa- 
rable device I’ve ever seen is 
the little lid-mounted key- 
board light that IBM builds 
into its ThinkPad models. D 

you, visit our Web 


ick 


www.computerworld.com/q?23255 


For a checklist of 
what to take with 





COMPUTERWORLD October 1, 2001 


BY PETE LOSHIN 
IN AND YANG, life 
and death, Clark 
Kent and Super- 
man. Some con- 
cepts are so inter- | 

twined that it’s impossible to | 

imagine one without the other. | 

Transaction processing (TP) 

and relational databases [Tech- 

nology QuickStudy, Jan. 8] | 
make up another such pairing. 

In theory, TP can happen 
without a relational database, 
but you wouldn’t want to try it. 
And you could do a relational 
database without TP, but you | 
would lose one of the benefits | 
of having a relational database: | 
the ability to update multiple 
tables to reflect the completion 
of a transaction. 

Systems capable of doing TP 
must pass the ACID test: atom- 
icity, consistency, isolation and 
durability. Transactions are 
atomic, meaning they either | 
happen or not. If one account 
is debited, some other account 
must be credited. 

The TP system must always | 
be consistent with its own 
rules. No transaction can hap- 
pen if errors are returned as | 
the transaction is processed. | 
For example, if a table that 
must be updated is on a hard 
drive that is inaccessible, the 
transaction fails. 

Isolating transactions means | 
that other processes never see 
database tables in an interme- 
diate state. They may get to | 
see what the database looked | 
like before or after the trans- | 
action, but not during. For | 
example, anyone querying an 
airline reservation system for 
seating will see all seats not | 
reserved at that moment. But | 
if two people try booking the | 
last seat on tonight’s red-eye | 
at the same time, only one can | 
succeed. 

Finally, transactions must be | 
durable, meaning that once the 
last seat is reserved and the | 
customer receives notification 
of the booking, that transaction 
is permanently recorded. Even | 


TECHNOLOGY 


HOT TRENDS & TECHNOLOGIES IN BRIEF 


Iransaction Processing 


DEFINITION 
Transaction processing is the 
unambiguous and independent 
execution of a set of operations 
on data in a relational database, 
which treats that set of actions 
as a single event. If any part of 
the transaction process fails, the 
entire transaction fails and all 
participating resources are rolled 
back to their previous state. 


Phase 1 


@ Global coordinator noti- 
fies systems that tables 1, 2,3 
and 4 need to be updated. 


Request to 
commit 
transaction 


@ Systems check every- 

thing, including their storage imme 
devices, to make sure they : [Results } 
are ready towritedatatothe : 

tables in question, with both 

the current and new values 

accessible but no changes 

made 


coordinator 


® Systems notify global 
coordinator that they are 
ready to update tables or not. 
If any system is not able to 
make the change, it notifies 
the coordinator, which noti- 
fies all systems that the trans- 
action has failed and the 
transaction therefore aborts. 


Phase 2, 
if successful 


© Global coordinator, on 
receiving affirmation from 
all participating systems 
about all tables to be updat- 
ed, notifies all systems that 
they can update their tables. 


@& The systems update their 
tables and report status to 
the global coordinator (either 
success or failure) 


© On receipt of successful 
completion of the updates 
to all the tables, the global 
coordinator can report back 
to the requesting node that 
the transaction has been 
completed. 


if the system was hit by light 
ning after the transaction was 
complete, TP-capable systems 
would be able to retrieve it. 


Two-Phase Commitment 


Relational 
sometimes defined as systems 
capable of doing transaction 
processing by virtue of their 
ACID-support. The “two-phase 
commit” (2PC) protocol is a 
defining characteristic as well 
as a key mechanism by which 
the transaction is enabled. 

In the first phase of the 2PC, 
a global coordinator notifies all 
systems in the transaction that 
they should prepare to either 
commit the changes required 
by the transaction or roll back 
their tables to their previous 


databases are 


state. The systems involved 
notify the global coordinator 
when they’re prepared to com- 
mit the transaction or that they 
won't be able to commit the 
transaction. If a system doesn’t 
respond, or responds with an 
error, the global coordinator 
will abort the transaction and 
notify systems to roll back the 
changes. 

If all systems are go for the 
first phase, the coordinator 
notifies the systems to begin 
the commit phase by writing 
all changes and then notifying 
the coordinator. The transac- 
tion is completed only when all 
systems notify the coordinator 
that the changes have been 
committed; if any errors occur 
at this stage, the transaction 
will be canceled and all partici- 
pants are required to roll back 
changes. (See diagram.) 

Transaction processing is a 
mature technology, as are the 
relational database and the 
transaction monitor (see box). 
All were introduced in the 
1960s and 1970s, as large data 


processing shops required | 
mechanisms for reliably au- | 


tomating transactions. Over 


the decades, the cost of sup- | 
porting TP has dropped to the | 


point at which almost any busi- 
ness can apply it profitably. 


@ Are there technologies or issues you would like to learn about in QuickStudy? Please send your ideas to quickstudy@computerworld.com. 


Transaction 
Monitors 


The global coordinator shouldn't 
be confused with the transaction 
monitor, also commonly known 
as transaction processing monitor 
software or the transaction server 
[Technology, QuickStudy, May 17, 
1999] 

Transaction monitors are mid- 
dieware programs that mediate 
between clients and servers. They 
optimize database performance 
by acting on behalf of the clients 
Rather than have every client open 
a session with a server, the clients 
connect to a transaction monitor 
which queries the server through 
its own session. This relieves the 
server from the chore of handling 
numerous individual sessions 

First introduced in the 1970s 
for mainframe systems, transac- 
tion monitors were reborn in the 
late 1990s as software publishers 
rolled out new versions capable 
of handling online transaction 
processing systems providing 
services through Web servers. 


- Pete Loshin 


Today, the problems of dis- 
tributing transactions on the 
Web are similar to the prob- 
lems of distributing them on 
systems with disparate data 
tables spanning multiple tape 
and disk drives. As a result, 
extending TP capabilities to 
the Internet is often as easy as 
building the interface and 
business logic for an applica 
tion on an existing system. And 
e-commerce needs effective TP 
Without them, 
there would be no way to verify 
the transactions that form the 
basis for e-commerce. D 


mechanisms. 


Loshin is a freelance writer in 
Arlington, Mass. 


www.computerworid.com/q?q3000 





90 


TECHNOLOGY 


Proper lesting Key to VPN, 
Web Site Security Efforts 


A good security design is not enough; conducting 
the right tests is a critical last step before launch 


BY MATHIAS THURMAN 
Y COMPANY'S virtual 
private network (VPN) 
project is now almost 
complete. Last week, I 
received word that the 

system engineers had built and config- 

ured the Lightweight Directory Access 

(LDAP) and VPN 

gateways. That meant it was time to 


Protocol servers 
perform final security testing, so I 
loaded my laptop test ma- 
chine with vulnerability 
assessment tools and 
headed to the data center. 
rhe laptop test machine 
is a dual-boot system run- 
ning Linux and Windows 
NT. I use the Linux parti- 
tion to run Nessus, which 
is a very good (and free) 
vulnerability 
tool, and to compile and 
run exploits that I down- 


load from the Internet. We 


assessment 
Bas 


are using Nortel Networks 
Corp.’s Contivity as our 
VPN gateway device, and 
LDAP 


server's operating system, 


Solaris 2.7 as the 
so I downloaded a few So- 

laris and Nortel exploits from the Inter- 
net to test for common vulnerabilities. 

That sounds scary, but I felt confi- 
dent that my limited programming ex- 
perience is good enough to recognize 
whether the downloaded source code 
has any back doors, is malicious or 
sends data to some third party. 

I used the NT partition to run the 
more 
such as Atlanta-based Internet Security 
Systems Inc.’s Internet Scanner. The as- 


sophisticated scanning tools, 


sessments went very well. Later, I plan 
to incorporate the data into a complete 
risk document and present it to the 
project manager 

Upon returning to the office, I had 
several from the program 
manager responsible for e-business. He 
was concerned about the security of the 
new public Web site we're building. 


messages 


SECURITY 
MANAGER'S 
JOURNAL 


rhe site is a work of art. It includes 
load balancers, content servers from 
Vignette Corp., back-end Microsoft 
SQL Server database servers and an 
e-commerce gateway that connects to a 
payment authorization service over a 
separate private circuit. The site is fully 
redundant, from the servers and fire- 
walls to the routers and switches. But 


will it be secure? The project manager 


called me in to begin the testing phase. 

Fortunately, security has 
been part of the design 
right from the start. The 
project was already moving 
forward when I 
board, but the project man- 
ager sought me out to re- 


ee 


came on 


view the design. I also gave 
the engineers system-hard- 
ening guidelines when they 
built the servers, so it didn’t 
surprise me when the sub- 
vulnerability as- 
back with 
minimal findings. However, 


sequent 
sessment came 


these assessments alone 
aren't sufficient to give the 
Web site a 
health. 


Che problem is that most 


clean 


commercial vulnerability assessment 
tools only check for specific operating 
system and third-party program issues. 
They cover items such as using brute- 
force methods to crack an authentica- 
tion mechanism, buffer overflow at- 
tempts, and configuration errors in 
programs such as sendmail, File Trans- 
fer Protocol and Berkeley Internet 
Name Domain. What they don’t check 
for are potential weaknesses in the in- 
teroperation between the Web server 
and other parts of the infrastructure. To 
fully test the integrity of the new Web 
site, we need to conduct an application- 
level vuinerability assessment. 

This is a fairly new type of assess- 
ment. There are few automated tools 
that you can use, and you can’t just 
point and click at the Web server to 
gain the proper insight. 


bill of 


The issues are complex. For example, 
consider this Web address, which logs 
a Web appli 
https:/omeserver.com/cgi-bin 


user mthurman on to 
cation: 
logon/logon?=mthurman/ack/1045623 
custom.asp. 

What would happen if a hacker were 
to replace “mthurman” with “vince. 
tuesday”? Would the application redi- 
rect the attacker back to the original 
log-on screen to force the proper au- 

| thentication? Or would the manipula- 
tion let the attacker bypass authentica- 
tion and jump into the account of an- 
other user? That’s an extremely rudi 
mentary example, but there are scores 
of possible programming and permis- 
sion glitches that could allow an intrud- 
er to manipulate a Web address to gain 
unauthorized access. 

Since many 
rounding Web-address manipulation, 


there are issues sur- 
and because this is an area where my 
knowledge is a bit weak, I decided to 
outsource our application-level as- 
sessment. The problem was, I’ve had 
only limited experience in hiring a 
third party to come in and hack into 
my infrastructure. So, how does one go 


about choosing a vendor? 


| Web Search 


I called a few friends and profession- 
al acquaintances for referrals, but no 
one had used a consultant for an appli- 
cation assessment. So I resorted to a 
Web search. I came up with a short list 

| of three local vendors and then called 
each in for an interview. 

One of my requirements in choosing 
a vendor was that I had to personally 
meet the people who would perform 
the assessment. I wanted to see their 
backgrounds and certifications. I also 
requested samples of their vulnerabili- 
ty reports and a list of references. Other 
than that, there’s not too much else on 
which to judge these organizations. 

In the end, I figured that if I felt com- 
fortable with the 
qualifications of the individuals, if I 
liked the format and content of the re- 

| ports and if reference customers had 
| good things to say about the vendor, 
| that would be enough. 

| Unfortunately, of the three compa- 
| nies we interviewed, only one provided 


personalities and 


(Quick 


COMPUTERWORLD October 1, 2001 


LINKS: 


www.homeport.org/-adam/ 
review.html and 

www. freebsd.org/security/#spg: 
Security managers often need to ensure 
that program code is reviewed for secu- 
rity deficiencies prior to deployment 
Even if you're not a programmer, you 
can create a code review to address 
this issue and provide that document 
and any supporting materials to your 
quality assurance or engineering de- 
partment. The links above should help. 


www.sanctuminc.com: Of the few 
application-scanning tools available, my 
favorite is Santa Clara, Calif.-based 
Sanctum Inc.'s AppScan. | like the fact 
that the designers have spent time 
building actual exploits into the product. 


www.dwheeler.com/flawfinder/: 
Flawfinder is a useful open-source tool 
for scanning source code. It's available 
for free, but you'll need Linux to run it 


all of the requested information. But 
representatives from that firm were ex- 
tremely knowledgeable and had nu- 
merous technical certifications, in- 
cluding the well-respected Certified 
Information Systems Security Practi- 
tioner certification. They passed the 
nice-guy test. 

The reports they sent appeared to be 
just what the doctor ordered. They con- 
tained no boilerplate fluff to take up 
page space, and no funky graphics or 
other nonessential materials — just the 
data needed to identify and mitigate se- 
curity-related findings. That was hur- 
dle No. 2. 

Then I called three of the 10 refer- 
ences. All said they had nothing but ex- 
emplary experiences. It helped that I 
knew one of the references personally. 
That clinched it. 

When it came time for action, the as- 
sessment team provided a statement of 
work, and we agreed upon a time frame. 
We gave them two user accounts (no 
data associated with the accounts, of 
course) and scheduled a commence- 
ment date of next week. 

Have you been through a Web appli- 
cation security assessment before? Did 
I leave anything out? If so, I welcome 
your comments and suggestions in the 
Security Manager’s Journal forum. 


For more on the Security 
Manager's Journal, including past 


I nk@ journals, visit 
I www.computerworld.com/q?q2000 





@ This week's journal is written by areal security manager, “Mathias Thurman,” whose name and employer have been disguised for obvious reasons. Contact him at mthurman@hushmail.com or go to the Security Manager's Journal forum. 





COMPUTERWORLD October 1, 2001 TECHNOLOGY 


RLX Helps Data Centers 
With Switch to Blades 


Its high-density, low-power Web server 
blades can improve efficiency and cut costs 


BY LINDA ROSENCRANCE 
HEN 
Schedler, 
chief finan- 


SCOTT 


cial 
at financial 


| and 
RLX claims to have more than | 
| a dozen 


officer | 


Web site The Motley Fool Inc., | 


discovered that RLX Technol- 
ogies Inc.’s new blade servers 


cut costs in the company’s data 
center by 60%, he did the hap- | 
py dance, says chief technolo- | 


gy officer Dwight Gibbs. 

“We had some issues with 
our setup,” Gibbs says. 
footprint in the data 
was too large, and the [system] 
was [using] a lot of power. So 
we decided to look at 
technology to address 
problems.” 


center 


new 


“The | 


our | 


Gibbs says start-up RLX was 


the only company shipping 


server blades when he made | 


his decision. 
lands, Texas-based vendor 
leapt ahead of industry heavy- 
weights Compaq 
Corp. and Hewlett-Packard Co., 
which have 
to ship similar products late 
this year. 


On the Leading Edge 


Thus, The Wood- | 


Computer | 


announced plans 


A server blade is a complete | 


that 
memory 


computing system 
grates processors, 


inte- | 


and I/O functions on a single | 


circuit board. Server blades 


that fit into the RLX System | 
324 chassis measure just 4.7 in. | 


high, .58 in. wide and 14.7 in 


deep. RLX uses Santa Clara, 


Calif.-based Transmeta Corp.'s | 


low-power Crusoe micropro- 
cessor in its design. 


Founded last year, RLX has 


already garnered $59 million in 


funding — no mean feat in the | 


current market — and has a 
seasoned management team 
that includes Compaq founder 
Gary Stimac as CEO. 

RLX is focusing first on the 
Web server market, targeting 


Web and 
Internet 
Michael 


chief 


hosting companies 
data centers, 
Swavely, president 
operating officer. 


says 


customers but de- 


clines to name them for com- 
petitive reasons. 

RLX can fit 336 server blades 
in one rack vs. 42 in a standard 
configuration. Each blade uses 
15 watts of power at peak per- 
formance (vs. 75 watts for a tra- 


ditional server) and delivers 


five to 10 times more efficiency | 


| Cost-Cutters 


than other Web servers, says 


| Swavely. RLX’s servers gener- | 
| averaging $300 


RLX BOASTS $59 million in funding and a management team that 
includes Compag veteratis Gary Stimac (left) and Mike Swavely. 


RLX Technologies Inc. ¢ 


25231 Grogan’s Mill Road 
Suite 600 

The Woodlands, Texas 
77380-2174 

(281) 863-2100 


Niche: Ultrathin rack-mounted 
blade Web servers that conserve 
power and space 


Company officers: 

* Gary Stimac, CEO 

* Michael Swavely, president 

and COO 

Mike Perez, vice president of 
technology 

¢ Christopher Hipp, chief technolo- 
gy officer and co-founder 


Milestones: 

© November 2000: Company 
founded 

May 2001: RLX System 324 
Web server ships 

* September 2001: RLX Control 
Tower server management soft- 





ware introduced e 


| content-distribution 


PUT 
oe ER, 


ate 80% less heat than standard 


| servers, so they require less air 
| conditioning and backup pow- 


er, in part because of the Cru- 
soe chip, he claims. 

Web hosting firms and Inter- 
net data centers, including In- 
ternet service providers, appli- 
cation service providers, host- 
ing and co-location companies, 
compa- 
nies and online businesses, are 


| prime targets for RLX’s server- 
| blade technology, according to 


Swavely. 


With the cost of data centers 
per square 
foot, firms like New York- 
based The Motley Fool are try- 
ing to figure out how to fit 
more servers into less space, 


| trim operating costs and in- 
| crease revenue per square foot 


while still satisfying the needs 
of users. 

And because of 
energy prices, these business- 
es are also under pressure to 
decrease power consumption. 
As far as The Motley Fool is 
concerned, RLX’s new servers 
did just that, Gibbs says. 

“Using these servers allows 
us to shrink our footprint [in 
the data center] and put more 


increased 


Gibbs says. “ 
% decrease 
footage 


the 
and 


square 
lower 


Tro 
Sing power use, we can de- 


million from Soros Pri- 

vate Equity Partners LLC, 

IBM, Ignition Corp., Sternhill 
Partners, ComVentures and RLX’s 
management team 


Products/pricing: An RLX Sys- 
tem 324 chassis with six Server- 
Blades is $6,999; a full chassis 

with 24 ServerBlades is $26,511, 
including management software. 


Customers: The Motley Fool, 
plus more than a dozen others 


Partners: Transmeta, Microsoft 
Corp. and Red Hat Inc. 


Red flags for IT: 

© RLX may lose its early lead once 
larger competitors ship similar 
products later this year. 

* Its initial products are designed 
just for Web server functions. 


AN IGS 


| [rounds of] layoffs, 





crease our costs. 


attractive.” 
RLX’s servers are 
easier to maintain than others, 


according to Gibbs. 
“There’s not a whole lot of 
| spare parts,” he 


says. 
we need less manpower [to 
maintain them]. With two 
that was 
important.” 

RLX will face competition 


| from larger, more established | 


server vendors by year’s end, 
but the blade-server pioneer 


says it isn’t standing still. | 
| “RLX is already planning sec- 


ond-generation solutions,” re- 
ports RLX spokesman Bob 


| Beach. 


Time will tell whether inno- 
vation will be enough to keep 
RLX ahead of the server indus- 
try’s leaders. D 


CPUs in a smaller space,” | 
So if we can | 
| Taipei, Taiwan 


And | 
the pricing is also very | 


‘And | www.compag.com 


the buzz 


STATE OF 
THE MARKET 


Leading the Pack 


Framingham, Mass.-based IDC expects 
2001 to be the year ultrathin server 
blades gain acceptance 
But while other hardware vendors say 
they're planning to ship such products 
RLX was the first to doso, says IDC ana 
lyst Mark Melenovsky 

“RLX moved quickly with the RLX 
System 324 Web server to address the 

growing demand,” says IDC analyst 
John Humphreys. “With its focus on Web 
hosting companies and Internet data 
centers — and the fact that it alleviates the 
Critical density and power issues facing 
these customers - RLX has positioned it- 
self as a leader in the blade market.” 

In order to remain a leader, RLX mus’ 
expand its product beyond Internet data 
centers and Web hosting companies 
says Melenovsky 

According to RLX COO Michael 
Swavely, the company's goal is to build 


in the market 


| onits market leadership position in serv- 
| er blades to make inroads into the larger 


server market 

Although no other company is yet 
shipping a server-blade product based 
onalow-power chip, RLX’s potential 
competitors include the following 


Nexcom International Co. 


www.nexcom.com 


Nexcom’s HiServer blade servers, which 
are already shipping, function as Web 
firewall, e-mail and video-broadcasting 


| servers. However, they use existing 
also | 


processors from Intel Corp. and Cyrix 
Corp. rather than low-power chips 


Compaq Computer Corp. 
Compaq and chip maker Intel are build- 


ing an ultradense server code-named 
QuickBlade. The server will use Intel's 


| new Tualatin ultralow-voltage proces- 


sors and will ship later this year 


Hewlett-Packard Co. 


www.hp.com 


| HP’sblade servers are scheduled to 


ship in the fourth quarter. HP is focusing 
the design of its blade servers around 
the CompactPCI architecture and will 
sell them to telecommunications 
providers, other service providers and 
enterprises. 

- Linda Rosencrance 





Wee sekeelin 


aper 
w Lake 


Memphis 


ate 

ated Bachelor's 

years of related 
ng account 

rk develop 
rkforce suf 


rent of systems 


nanagers and team development 


ase fax M. Phelan 


312) 466 


IT CAREERS 


Banking 


Database Engineering 5 


GRAMME 


nicage 


28522-E. An employer paid ad 


0. IL 60605. Attn 
ydia Clarke, Reference #V-iL 


mmitment to 


Computerworld + October 1, 2001 


srrent.) Manage 


& database 


Trusted by 


more hiring 


managers 
than any IT 
space in 


the world. 


Mifflin 


ey Street 


IT eelsekeeil | 


WE 


DOA 
BETTER 
JOB 
AT 
HELPING 
YOU 
GET 
ONE. 


CALL: 


1-800-762-2977 


careers 





careers.com 


IT CAREERS 


Senior Data Warehouse 
Developer 


Attn: Je 
Fax: 415-541-0224 C C f 2 lowa 


E-mai j, Su )4, Dulu 401 
jennifer_bowmané \ 





PROGRAMMER/ANALY 
analyze, de 


ment. and r 
f and 


ENOVIA 
salary ar 
benefits package. ENOVIA 


Juding: Reston, VA; Atla 
Dallas; Sacrame 


n and Ir 
n and 


Windows platform 


OM, XML, Activex, OOA 





: : . and multithreadin: 
e-lite companies a Master's de 


accept equivalent 


Please respond to Net2Phone. 


e-merging companies ) adiesian aad cuca 
e-ssential companies ns’ Stet Pitan Csaak 
8-normous opportunities Boston, MA 02110. Attn: Matt 


Eichner reference #2 





Computerworld * October 1, 2001 


Banking 


€ acce ; 
pr ations for veral Senior 
Technology Analyst 


experience with HT 
NIX; and had 
ddlewe 
ogies 


author 


Engineerin 

field, with a demonstrated 
perform the 

gained througt 

experience or academic 

work and projects. Hi 

to 5 pm, M-F. Send re 

KM-HR, CheckFree Serv 

Corporation, 6000 Perimeter 

Drive, Dublin, OH 43017 
mal to itcareers @ 

free.com ATTN: Job PK 

















tT) PT eKe ent 


The Face of Pfizer 
The best is getting even better! 
As the world’s largest pharma 
ceutical research enterprise 
Pfizer is dedicated to providing 
the best innovations in medicine 
while pursuing tomorrow's dis 
coveries in research and devel 
opment. With an R&D budget 
$4.7 billion, our team has spurred 
Pfizer's exceptional performance 
in 30 countnes and across six 
continents. !f you share 
dedication to discovering, devel 
oping and delivering medicines 
improve the health of both 
ple and animals worldwide 
t yours to be the newest 
of Pfizer. Picture yourself 
wing opportunities at 
Research and 
nm Anr 


for 


ble Jeve 


aintaining and providing 
val support for 
Management System 
develo 4 main 

taining applications; ¢ offering 

technical expertise on various 

applications/systems supporting 

slinical Sciences. Further 1 

Jevelop, test Jate 

de change 

Jocumentat 

application: 

war software 


on Systems backed by 
s experience with sys 

tems desi id web technok 
3y Demonstrated proficiency with 
Oracle da and PL/SOQ i 
critical. You so need experi 
ence work in a FDA regulat 
ed environment, as well 
experience with SDL( 

US Operating systerr 
ing NT and UNIX. ¢ 


and m 


entia 


exceptiona 
mment complete witt 
competitive salaries, exceptiona! 
benefits and training opportunities 
ved to develop your 
nal talents. We encourage 
ali applicar apply by emailing 
your resume, indicating the appr 
priate Req. # 01Aug0106578 ir 
the subject fiel CPWwe 
pfizerre: ym. If necessary. 
it resume 
Pfiz 


ter, 630 


rmat 


of the enterpnse 


determines 
needs and 

to ac 
establis 


ers the vari 


stems 
yn to 
best technology or 
r client's needs, and 
ersees system design, arct 
and specification deve 
tt. Require 
aquivalent (foreign degree 
igt 4 year program, or 
through combination of educe 
and experience 
e, engineering 
ar: 8 years of relevant expe 
e with min. 5 ye 
Oracle technology exper 
relation database desic 


tecture and planning 
Experience requirements may 
have been gained concurrently 
Position based in Portland, OR 
metro area. Applicants must 
have legal authority to work 
permanently e US 
Competitive salary/DOE nd 
resume to: Human Resources 
Goshen Technologies Inc., 1500 
NW Bethany Bivd., #255 
Beaverton OR 97006 


Chief Technical Officer, 40 Hours 
per week 8.30am-5.30pmr 
$95,000.00 per year, located 
Boca Raton, F Require 
high school education and 
years @ ence in the joi 
offered 4 years related 
ecupation as senior wireless 
network speciz ort to the 
board of directors on t 
Jay running of the company 
Establish budget for technica 
engineering department. Oversee 
development of high-leve 
technical strategies and project 
planning for the implementatior 
of new mobile GSM based PCS 
networks. Oversee engineering 
configuratior anning and 
optimizat > network 
elements, ir J mobile 
switching centers, home location 
base ation controllers 
ransceiver stations 
Oversee the design planning 
neering and optimizatior 
vetworks 
yeograpt 
work eler 
peripheral sys ; associated 
with the cor obile network 
includ 
facilities 
nance ce 


Jata netw 


Jevelopment 
plans for 
ntegratior 
suppliers 
f techr ipport/training in 
areas, as wel 
ftware deploy 
ment, upgrade strategy and 
database engineering, r 
nical gr 
nin 
ties 


equ 


Must 

knowledge 
the GSM 
Internationa! 
Union; UMT 


yMmunications 
3GPP star 
pecifications 

GPRS 

ave expert 

skills. Send 


y for Workforce 
Box 10869 


level, engage 

« ftware deve 

ftware applications 
nteractive 


3) and Com 


arface (C ec 


NT 
we| 
requirements 
Jesign docu 
te and debug the software 
applications. Engage in project 
management as required. Use 
ual C++, MFC, ATL, Socket 
yramming, the COM/DCOM 
development tool, InstallShield 
software, the ActiveX develor 
and the WIN 32API 
ntt n the design 
and development process. Re 
quires Master's or equivalent in 
or related 
NM requires a 
reign degree 
equ nt, plus three years of 
software development experience 
or bachelor’s, or foreign degree 
equivaient, plus five years of soft 
ware development experience 
working knowledge of IVR and 
CTI technologies, Visual C++ 
MFC, ATL, and the COM/DCOM 
development tool. $78,100/yr 
8am-5pm; M-F. Respond by 
resume to James Shimada, CO 
Dept. of Labor & Employment 
Tower II, #400, 1515 Arapahoe 
St., Denver, CO 80202 & refer to 
Job Order No. CO5004481 


Ber aes 


Supervisory Technical Analyst 
Northbrook, IL. Duties: Desigr 
develop, & impler ( 
solutions to meet objec 

n the capabilities of the JD 
Edwards ERP stem & institu 
tional systems. Lead the mode 
& pilot busines 


ensure rt 


process suppc 


foreseeable business ever 
Lead the preparatior f & 
execution of the JD Edward 
implementatior Document 
process details — work instructions 
to be used as on line help & 
training material. Provide post 
mplementation support & mair 
tenance. Utilize RPG, CLP. 
suite of development tools on ar 
IBM AS400 background. Reqs 
Bachelor's or for equiv in 
Comp. Sci., Mgmt, or a closely 
related field & 2 yrs exp in the 
job offered or 2 yrs exp as a 
Comp. Consultant. Exp which 
may have been obtained 
concurrently, must include: 2 
yrs exp implementing pack- 
aged software, specializing in 
JD Edward's financials, & 1 yr 
exp utilizing RPG, CLP, & the 
suite of development tools on 
an IBM AS400 background 
Mail resume to: Rickeia 
Lessig, Phoebus Corp., 2315 
Sanders Rd., Northbrook, IL 
60062-6145. 


Software Deve! 


nternet applic 
HTML 
9 SQL f 
atabase rs nte 
w sales 
train salespeople 
applications. Gather applicat 
re nents directly from clier 
& business pers: 1, & othe 
fleet mgmt compani 
& fleet m 
mp. applications. 
c test new systems 
Reqs: Bachelor's or for equiv 
in Comp. Eng., Comp. Sci., or 
a closely related field & 2 yrs 
exp in the job offered or 2 yrs 
exp as a Comp. Consultant 
Exp which may have been 
obtained concurrently, must 
include: 2 yrs exp in develop- 
ing internet applications using 
Java and JavaScript, utilizing 
SQL databases, & developing 
web applications which oper- 
ate on Windows NT operating 
bases. Mail resume to: Rickeia 
Lessig, Phoebus Corp., 2315 
Sanders Rd., Northbrook, IL 
60062-6142 


91364 


SAP Business Inforr 
Warehouse (BW mM: 
seeking experienced SAP BW 
echnical consultants 
familiar generic ar 
extractors, data modeling. 
sources and info cubes. Als 
seeking SEM and Supply Chair 
Management/APO experience 
Please e-mail resume to Busi 
ness Information Solutions at 
recruiting@bisamerica.com or 


fax to (858) 458-5819 


oftware Engineer 
Englewood Colorad 

mpany to work 

anticipated locatio 


yut the | 


COBOL L. VSAM, DBz 
OS/400 and MVS. Reas. Master's 


r equivalent in ¢ 


User Support Specie 
technical assistance 
h compute 


rat 
config 

APPHICE 
database 
controlled peript 


able spar 


f by uf 


Jatabases. Bact 


mputer informat 


ing salary. Apply by ma 
CalTech, PROV 3138, 1200 


Sa 
ume: Jim Pearce, THRU-Pt 


DRPORATION, 2099 Gatew 


Professiona! Data Manager 


Again, Inc., providing consulting 


services to the insurance/financial 


industry, currently seeks applicants 
for the following position in its 
Indianapolis, IN location: Senior 
Systems Management Integration 
Professional. There are mu! 
9penings available for this positior 
Applicants for this position must 
have a bachelor’s degree in 
computer science, business ad 
ministration a related field 
and at least five years progressive 
experience in IT consulting, test 
ing, or implementation in the 
employer's industry. For consid 
eration, please forward your 
resume to: PDMA, inc., attention 
Eddie L. Brown, 9229 Delegates 
Row, Ste. 240, Indianapolis, IN 
46240. EOE 


SOFTWARE ENGINEERS: Re 
sponsible for software integration 
and external interface deve 
ment.Use combination of Ora 
PL-SQL, CASE is and Pe 


pleSoft under 


t: Kenr 


85 


ystems Analyst Programmer 


w/ expertise in SAP. 


Resource S 


Quorum Drive, #700, Dallas 


TX, 75240 or fax (9 


contact 


spectrumm.cor 


grammer Analyst 


igineers and Database An: 


ntact: Praveer 


Technol 


jineer 
immer Analyst (Multiple 


Must have BS degree 


Programmer Analyst (SAP 
Systems). Conduct needs analy 
sis & determines informatior 
system requirements in account 
ing & financial areas De: 
develop & upgrade systems 
Install & maintain software & 
servers. Develop & implement 
testing procedures, provide tech 
nical documentation. Job Duties 
to be performed in MS SQL 
& Windows NT. Req: Master 
Degree in Computer Science or 
Engineering. 40-hr wk. Job 
Interview Site: El Segundo, CA 
Send resume to Supply Access. 
Inc. 300 continental Blvd, #200, 
El Segundo CA 90245 


Computerworld + InfoWorld * Network World + October 1, 2001 


MILLIONS OF 
READERS 


MILLIONS OF 
SURFERS 


ONLY 
THOUSANDS 
OF DOLLARS 


TOTAL IMPACT 
TOTAL 
SAVINGS 


Put your message in 
IT careers and 
ITcareers.com and 
reach the world’s 


best IT talent. 


ITCAREERS 


IT careers.com 





Your best investment 
is your professional network. 


WITI’s 2001 
PROFESSIONAL WOMEN’S 
SUMMIT & EXPOSITION 


October 24-25, 2001 nies 


Hynes Convention Center w Boston, MA CapitalQOne 


For more information, conference package pricing or to register for 
the PROFESSIONAL Women’s Suma please visit us at 
www.witi.com or call toll-free 800.334.WITI 


WIT offers a dynamic 2-day accelerated program that will provide every professional women with the essential tools 
opportunities, insights and connections to achieve her goals. Take advantage of this unique occasion to network with 
top leaders and visionaries utilizing technology to succeed 
Over the course of 2 days you will be offered 
> Powerful keynote sessions 
> Practical skill-building workshops 
> Dynamic roundtable discussions 
> Highly interactive panel discussions 


Taking Care of Business 


» Networking, Networking, Networking. 


t 


IL } { ad tl 9, . + 
| have learned so much about myself, my environment, and the people that work with me and P d nti ] 
live with me from this WITI Conference. The only thing that | can say is that as a professional yy Fin: : F iL 
« 
ay Financia 


woman in any technological or business field, you MUST attend this conference 


Kathrine Roberts, Mainframe Programmer, West Corporation 


Raytheon 


Sign up for the Boston Conference before September 21, 2001 Baer? Guat een 
and receive a *200 discount off the at-the-door price. 


WI | OMEN IN TECHNOLOGY INTERNATIONAL 


Advancing Women Through Technology 





RHICONSULTING 


Information Technology Professionals 





Dissecting the 


: s 
Advertising Supplement 


Windows 2000 Server Exam 


costs $100 to take. 


"s 


he Installing, Configuring and Administering Microsoft Windows 2000 Server exam (#70-215) became available in 


June as a requirement in the Windows 2000 MCSE certification track. As of Fall 2000, it does not employ 


adaptive testing, but is a standard exam with a large number of verbose questions. It is administered through both 


" , ) rT 
Part 1 addressed Exam Speci 


Hardware Devices and Drivers 
Windows 2000 fully supports Plug and Play devices. 


With Windows 2000, a vendor of a third-party product is encouraged 
to submit the drivers and operating system files (.dll, .exe, .fon, .ocx, 
.ttf, .sys) to Microsoft. If Microsoft can verify that the files do not 
behave erratically or cause system problems or identifiable failures, 
Microsoft signs the file digitally. When an administrator or user 
attempts to install a new component on her system, the system 
automatically looks for the signature. If it does not find a signature, a 
dialog box appears, prompting the user to decide whether or not she 
wants to continue. 


{river signature, this feature is 


By default, a system always looks for a ¢ 
known as System File Protection. The driver signature is ignored only 


when the user is using one of the following programs: 
B Hotfix.exe 
@ Update.exe 
% Windows Update 
@ Winnt32.exe 


These files are needed to 


install repair all or portions ot 


| /CACHESIZE= 


the operating system and thus 


/CANCEL 


the driver signature is ignored for | 
them. | 
| 


The SIGVERIEEXE 
looks for files that are not digitally 
signed. You can also customize 


utility 


/ENABLE 


the verification options: By 


default, signature verification | 
search results go to the log file /PURGECACHE 


SIGVERIF.TXT 1 


ana you are 
notified when unsigned files are 


/QUIET 


found during searches. 


SFC.EXE is used to automatically 
verify system files after a reboot to 


see if the system files were /SCANBOOT 
changed to unprotected copies. 
Unprotected files are over-written 
by stored copies of the system 
files from %systemroot%\sys 
tem32\dllcache (%osystemroot% is 
the folder into which the operat- 
ing system was installed). SFC 
can be run only by users with the 


Administrator group permissions. 


j 
| 
| /SCANNOW 


/SCANONCE 


fics and the first two of the seven test 


Sets the size of the 
file cache 


Stops all checks 


Returns to 
normal mode 


Clears the cache 


Replaces files 
without prompting 


Checks system files 
on every boot 


Checks system 
files now 


Checks system files 


at next boot 


Virtual University Enterprises (www.vue.com) and Prometric (www.2test.com) testing centers and, like all Microsoft exams, 


, ro. , , . , 
objectit with this one focusing on the other five objectives 


CORO O HEHE REET HEHE EEE EH EEE SESE EEE SESE EEE EEE EEE EEE EEE SESE EEE ESE OHS ESTEE ESE SEE EEE EEE HESS EE EES EESEEEE EEE EE EEE EEE SEE SEE SEES EE EEE EES HEHE EES EEE SEES 


It also requires the use of a parameter. Valid parameters are shown in 


Figure 3 


System Performance 


[wo new runlevels/priorities have been added to processes, making the 
possibilities, from lowest to highest: Low, BelowNormal, Normal, 
AboveNormal, High, Realtime. The only way to change the priority of a 
running process is via Task Manager, which has also been enhanced 
with an “End Process Tree” option. The only way to start a process at 
a priority other than its default is to use the Start command line utility. 


Windows 2000 uses the term “System State data” to refer to all the 

components the operating system needs to function. The “System 

State data” on Windows 2000 Professional is much smaller (a subset) 

than the “System State data” needed on Windows 2000 Server. On 

Professional, this includes only Boot (including system) files, the 
Registry and COM+ database files. On Server, this 
includes those entries plus Certificate Services data- 
base, SYSVOL directory, Active Directory and any 
cluster information. 


The Backup — utility 


Accessories, System Tools—performs backups and 


accessible under Start, 
restores, as well as allows you to interact with the 
Task Scheduler to schedule jobs and make the 
Emergency Repair Disk. No longer limited to backing 
up only to tape, it can write to any media. 


Storage Use 


[he Computer Management snap-in can be found 
under Administrative Tools and is divided into three 
sections: System Tools, Storage and Services and 
Applications. The Storage component provides the 
basis for working with disk devices and is subdivided 
into four other sections: 


@ Disk Management 
@ Disk Defragmenter 
a | ogic al Drives 


@ Removable Storage 


The heart of this section of the exam objectives 
resides in the Disk Management tool, and you must 
be a member of the Administrators group to access 
. . . — . “1 
this tool. Replacing the Disk Administrator utility 
from Windows NT, Disk Management surpasses that 
tool in that it now allows for remote disk management, 


supports dy namic volumes (except on portable computers), 


Computerworld + InfoWorld * Network World * October 1, 2001 





offers wizards for many choices and allows you to make a great many changes 
on-the-fly—without requiring a reboot to be active. Microsoft has changed its 
standard for storage significantly with the release of Windows 2000 by turning to 
dynamic storage. The entire disk must first be converted to dynamic storage, then 
you can create and alter volumes without ever needing to shutdown and restart the 
system for the changes to take effect. By default, every disk starts as the 


basic type, but can be upgraded to dynamic (unless it is removable). 


When dynamic, the pop-up menu for each volume contains the same 


choices as those for basic, plus the following options as well: 


@ Extend Volume. This option allows you to dynamically change 
the size of the volume (available only on NTFS volumes). If the 
volume was originally created on a basic disk, it cannot be 
extended. If the volume was first created on a dynamic disk, it 


can be extended. 


@ Add Mirror. With this option, you can enable 
fault tolerance via mirroring if more than one 


drive is installed. 


@ Reactivate Volume. This option is available only 
if the volume is not currently activated. 


@ Delete Volume. This option forces the loss 
of all data and the space becomes unallocated 


Within Disk Management, there are two frames: the top frame shows 
each volume, its file system, status and capacity, while the bottom frame 
shows each disk—including the CD-ROM and the volumes on it. 
Windows 2000 also includes a disk defragmenter—a menu option that 
appeared in previous versions of the operating system—but it could 
never be selected because no such utility was included with the core 


operating system. 


Quotas can be configured only if the drive is NTFS. They allow you to 
configure the storage limits for users. By default, quota management is 
not enabled; it must be enabled before any other options can be set. 
The check box labeled Deny Disk Space to Users Exceeding Quota 
Limit prevents users from saving their files; when the option is not 
checked, users merely get a warning. With the last two options, you can 
specify what happens when a user exceeds the limit; the program can 
values can be configured 


log events or give warnings. (These two 


independently of one another). 


Network Connections 


No longer just one of multiple protocols that you can choose, TCP/IP 
is now the required protocol. It is required for all the features new to 
Windows 2000 that rely upon Active Directory and other services. 


TCP/IP can have host names resolved to IP addresses with the use of 


DNS servers (which now interact with WINS servers), and can have IP 
addresses automatically issued through the use of DHCP servers. In the 
absence of DHCP or manual addressing, Windows 2000 uses 
Automatic IP Addressing to assign hosts addresses in the 169.254.x.x 


range. 
Besides TCP/IP, there is also support for (but not default installation 
of) four other protocols: 

@ NetBEUI — for older Microsoft clients. 

@ NWLink — for communication with NetWare servers. 


@ AppleTalk — for Macintosh clients. 


CW011001N.3 


Computerworld 


InfoWorld » Network World 


BDLC 


printers (newer network printers use TCP/IP) 


for communicating with mainframes and older network 


here are two protocols to use for creating Virtual Private Networks 
(VPNs): 
@PpPriP 


with NT 4.0 and is an expansion of the PPP protocol. This 


Point-to-Point- Tunneling Protocol. This one was included 


protocol uses MPPE encryption. 


@L21P 


systems, it is not new at all, having been used by other vendors 


- Layer 2 Tunneling Protocol. New to Microsoft operating 


for years. IPSec is the encryption it utilizes. 


Security 


n attribute for 


he Encrypting File System (EFS) allows you to toggle a 
a file or folder just as you would any other, and it protects the contents 

the object you select is a folder, all contents of the folder—files, 
subfolders and so on—also become encrypted. Files that are pasted into 
an encrypted folder become encrypted as well, but files that are placed 


in the folder with drag-and-drop do not become encrypted automatically. 


In order to use EFS, the file system must be NTFS and the files must 


not be compressed. Some files—system files particular—cannot be 
compressed no matter what other conditions exist. If you move or copy 
an encrypted file to one of these partitions, it automatically becomes 


unencrypted. 


From the time a file is encrypted, a digital code associated with the user 
(encryption certificate) is assigned to it. This allows the encrypting user to 
open and work with the file exactly as if it were unencrypted, but prevents 
anyone else from doing so. Because the file can only be opened by the 
encrypting user, this mz akes EFS perfect for personal data, but unusable on 
any data you want to share. 


You can use the Export command in the Certificates snap-in to copy 
your file encryption certificates to another location-such as a floppy 


drive. Doing so will allow you to unencrypt your files in the event of a 
restore operation being necessary after a media failure (at which time 


you can use the Import command to bring them back from the floppy) 


Group Policies and the Group Policy Editor (gpedit) are new and exclusive 
to Windows 2000. For Windows NT and 9x clients, you must still use 
System Policies, which can be created with the System Policy Editor 


(poledit). 


Summary 


The objectives for the Windows 2000 Server exam cover a lot of 
ground. While appearing to walk through all the features of the oper 
ating system, they truly focus on those items that are new. With a little 
studying, and a lot of hands-on experience with the operating system, 
you will be able to pass this exam and be well on your way to being 
certified as a Windows 2000 MCSE. 


se refer 

twork World 

—s ee ee 
ee 


For information on Advertsing in the the ITCareerssection please contact: 
Janis Crowley, 650.312.0601 or janis_crowley@itcareers.net. 


Produced by: Text taken from the November 2000 issue of CertMag's StudyGuide, 


www.certmag.com. 


October 1, 2001 





(rt) careers.com 


IT CAREERS 


Advertising Supplement 


IT Careers in Web Development 


Over the past four years, the primary focus of 

web applications and development was on basic 
operation — getting a site up and running and 
providing data and information to conduct business. 


That's changed somewhat with the turn of the century. More and more, 
businesses are looking for additional flexibility and power within their 


applications 


David Renaud, executive vice president of development, chief technology 
officer and co-founder of Satmetrix Systems in Mountain View, CA, says 
his company has long been committed to developing web-enabled 
software that measures, analyzes and allows companies to improve 
“Satmetrix Systems embeds market 


research techniques, best practices and benchmark information in its 


customer satisfaction over time 


software to provide the most accurate and timely insight available,” 
explains Renaud. “Now, we're enhancing the self-administration capabili 
ties of our software so that web-reporting sites for customers provide 


greater freedom to navigate and control the system from their end” 


While usability is one facet, Renaud says customers also are looking for 
additional features that broaden the scope and power of applications 
“Our client users are now translating customer comments from customer 
satisfaction surveys into various languages so that the information can be 


presented to different audiences,” he explains. “For example, a survey is 


TME- BEST MINDS. THE BEST’ OPPORTUNITIES. 


JOIN A SYSTEMS TEAM 
THAT HAS REVOLUTIONIZED 
AN ENTIRE INDUSTRY 


Fidelity Investments maintains the industry's most advanced technology 
infrastructure. But it's our people who are our most important asset. Our 
systems professionals are among the best and brightest in the field 
They thrive on our unyielding commitment to technology, creating a 
culture of continuous improvement and significant achievement. If you'd 
like to be part of it, invest in a systems career at Fidelity today. 


OPPORTUNITIES AVAILABLE IN BOSTON AND MARLBOROUGH, MA; MERRIMACK, NH; 
SMITHFIELD, Rt; NEW YORK, NY; COVINGTON, KY; DALLAS, TX; AND SALT LAKE CITY, UT 


Some of the Positions Available: 


HOW TO RESPOND: For best response, apply or 
fidelity.com/jobs and cr 

(Indicate Job Code), 
BENEFITS: Three-part 





Computerworld + InfoWorld « 





conducted in a native language, say French. The company’s director of 
customer service can translate the comments into English, using the 
software, and present the data to managers who might be based in the 


United States and use English as their first language 


Renaud says Satmetrix Systems has three functional areas for IT careers 
1) overall web globalization management, 2) production of web sites using 
HTML and XML skills, Java script, graphics and multimedia; and 3) back- 
end or infrastructure of web sites managing servers and configuration, 


hardware and software 


“Know your strengths and passions and follow them.” 


In today’s IT environment, “know your strengths and passions and follow 
them,” advises Renaud. “There are many directions you can pursue in web 
development, but you should pursue those that come most naturally. 
Steel yourself with the right kind of ongoing training and education. At 
Satmetrix Systems, you have the chance to work alongside clients repre- 
senting the blue-chip companies of the world, from Siebel Systems and 
PeopleSoft to Cable & Wireless and Honda. We may be a high technology 
company, but what makes us stand out is our people” 


For more job opportunities with web development firms, turn to the pages 
of ITcareers 
© If you'd like to take part in an upcoming lTcareers feature, contact 
Janis Crowley, 650.312.0607 or janis_crowley@itcareers.net 
© Produced by Carole R. Hedden 
© Designed by Aldebaran Graphic Solutions 


Opportunities with 
ThinkSpark 


1g for exper 


n Atlanta, Austin 

1 Dayton 

Fort Wortt 

1, Las Vegas, Oklahoma 
Omaha, San Antonio and 
Relo nm and some 


may be 


lTcareers.com is 
the place where your fellow readers 


are getting a jump 


n multiple 


on even more of 
onwide and 

uding the Orange the world's best jobs. 
area and =the 

Bay area. Please 


Stop in a visit. 


Jept50619 


See for yourself. 


1-800-762-2977 


Network World + October 1, 2001 





With a deep line-up of print, web and event- 
driven products, IDG Recruitment Solutions 
can deliver solid results with record speed. 


This is the way to integrate your recruitment 
efforts moving your message to your target 
audience across several platforms-with 
maximum efficiency and effect. 


IDG Recruitment Solutions is as close as your 
keyboard, as fast as your modem, as easy as 
picking up the phone. 


For more information or to place an ad, contact 
Janis Crowley at olen —nar ert 


Janis_Crowley@itcareers.net. == 
ae J1De 


Recruitment Solutions 





Main phone number (508) 879-0700 
All editors unless otherwise noted below 
Main fax number (508) 875-8931 


24-hour news tip line (508) 620-7716 
E-MA 


Our Web address is www.computerworld.com. 
All staff members can be reached 
via e-mail using the form 
firstname_lastname@computerworld.com. 


\ll IDG News Service correspondents 
can be reached using the form 
firstname_lastname@idg.com. 


Letters to the editor are welcome and 
should be sent to: letters@computerworld.com. 
Include your address and telephone number 


PO Box 9171, 500 Old Connecticut Path, 
Framingham, Mass. 01701 


Subscription rates: U.S., $58/year; Canada, 
$110/year; Central and South America, 
$250/year; all others, $295/year 


Phone (800) 552-4431 
E-mail circulation@computerworld.com 
Back Issues (508) 820-8167 


Phone... Ray Trynovich (717) 399-1900, ext. 124 
E-mail rtry@rmsreprints.com 


RESOURCES 


How to Contact Computerworld 


We invite readers to call or write with their 


comments and ideas. It is best to submit 
ideas to one of the department editors and 
the appropriate beat reporter. 


Editor in Chief 
Editorial Director, Print/Online 


EPAF 


BUREAL 


News Editor 

Assistant News Editor 
Business Editor 
Technology Editor 

IT Careers Editor 
Washington Bureau Chief 
West Coast Bureau Chief 


Mobile computing/wireless 
Internetworking, telecom/wireless, 
defense and aerospace 
Application development, Java. 
Web infrastructure, automotive 
General assignment, 
e-mail, groupware, travel 
Network, systems management 
Financial services, storage 
E-commerce 
General assignment, Inte! servers 
transportation/carriers 
Microsoft, retail industry 
Enterprise resource planning, 
customer relationship management 
and supply-chain software, Novell 
State/federal government, Patrick T 
antitrust, legal issues, politics 


COMPANIES IN THIS ISSUE 


Page number refers to page on which story begins. 


Company names can also be searched at 


www.computerworld.com 


211 ADMINE 
YEFENSE 
EME 
NUMBER ASSO: 
NATIONAL INFRA: 
PROTECTION CENTER 


NATIONAL SCIENCE FOUNDATION 


Security, databases 

Large systems/high-end 

Web server technology. security. 
heavy manufacturing 

General assignment. 

Linux and Unix operating systems 


Senior News Columnist 
Columns Editor 


Special Projects Editor 

Editor at Large 

Reviews 

Special Projects Editor 
Technology Evaluations Editor 


ME 


Director, online and design 
Managing editor/online 

Online news editor 

Online news editor 

Communities director 
Communities senior editor/writer 
Communities page editor 
Communities builder 

Associate art director 

Associate art director 


Keeley ( marketing associate/researcher; 


Web development manager; Kevin Gerich, Mark ‘ 


COMPUTERWORLD October 1, 2001 


Web developers. y. associate Web developer 
online production coordinator and e-mail newsletter editor 
t senior Web designer 


} graphic designer 


research manager; A Wright. research associate: 


W research assistant 


managing editor/production (5 
assistant managing editor/production 

b Raw senior copy editors, Ja Jay 

Mike Pa M pambataro, copy editors 


N 


design director, (508) 820-823: 
Hayes, art director, Ay r, associate art director 
graphic designer graphics coordinator; 


F t A 1, cartoonists 


PPORT 


office manager (¢ 


ADVERTISERS INDEX 


bility tor error 





COMPUTERWORLD October 1, 2001 


Continued from page 1 


dava Spec 


form of remote calls to Web- 
based applications that use 
HTTP and XML, Mizzi said. 
Mizzi’s team built the applica- 
tion with JBuilder Java devel- 
opment tools from Scotts Val- 
ley, Calif.-based Borland Soft- 
ware Corp., he said, rather than 
using a J2EE-based application 
server that didn’t adequately 
support Web services. 

J2EE 1.3 is “an interim step 
in making the Java platform 
more coupled and 
standards-oriented,” said Dar- 
ryl Plummer, an analyst at 
Gartner Inc. in Stamford, 
Conn. “The 1.4 specification 
will add more capabilities that 
are in the [Java Community 


loosely 


Process] right now.” 


SOAP Lacks Support 


Inadequate support for Sim- 
ple Object 
(SOAP), a standard for swap- 
ping XML-based Web services 
among disparate systems, is 
another J2EE_ shortcoming, 
said Randy Heffner, an analyst 
Mass.-based 


Access Protocol 


at Cambridge, 
Giga Information Group Inc. 

“There is no standard mech- 
anism for SOAP within the 
J2EE 1.3 environment,” Heffner 
said. As a result, portability be- 
tween applications written 
with different J2EE-compatible 
application servers is hindered. 

“There’s not anything in the 
1.3 specification that supports 
SOAP directly,” said Ralph Gal- 
antine, a J2EE product line 
manager at Sun. Galantine said 
the Java Community Process 
executive committee, the gov- 
erning body for J2EE, would 
address Web services func- 
tionality in Version 1.4. Com- 
pany officials aren’t sure when 
Version 1.4 will be released. 

Plummer noted that rather 
than wait for SOAP and Web 
service features to get formal- 
ized in J2EE, some licensees, 
such as IBM and San Jose-based 
BEA Systems Inc., have added 
that support on their own. 





The J2EE 1.3 specification | 
includes a new Java connector | 
architecture, a Java Message 


Service (JMS) and XML inte- 
gration support, as well as im- 


proved Enterprise JavaBeans 


(EJB) 2.0. These features are | 
aimed at simplifying applica- | 
integration and pulling | 


tion 
data from back-end systems, 
such as enterprise resource 
planning or customer relation- 
management 
Galantine said. 


ship 


The new specification also | 
addresses problems with EJBs | 


and their ability to port data 
between application servers, 


he said. It requires application 


vendors to support JMS and 
the same version of Internet 
Inter-ORB Protocol in order to 
pass compatibility testing. 


Requiring JMS is important, | 


said Heffner, because without 
it, there is no guarantee that 


applications can “talk” to one | 


another. 

Joe Choti, chief technology 
officer at New York-based Ma- 
jor League Baseball Advanced 
Media LP, said he believes that 
JMS support should make in- 
formation _ transfers 
within the Java application en- 
vironment, but he added that 
he would like to see more. 

In particular, MLB Advanced 
Media has difficulty retaining 
user information on its Web 
properties when an EJB server 
crashes due to problems with 
the structure of persistent ses- 
sion beans, which are EJBs that 
get saved and stored in client 
sessions, Choti said. 


easier 


MLB Advanced Media uses 


application servers and tools 
from iPianet E-Commerce So- 
lutions, a Sun-Netscape Al- 
liance partner. 


“We're still struggling to ex- | 


ploit the functionality that is 
proclaimed to be in the stan- 
dard that just isn’t working for 
us, like replication, clustering 
and fail-over,” Choti said. D 
Development 


Quick 
l Ink Knowledge Center 


www.computerworld.com/q?k1100 


For more, go to our 
Application/Web 


systems, | 





NEWS 


Continued from page 1 


Online Attacks 


ing of two powerful trends into 
one major problem. Without 
changes by vendors and end 
users in the design and deploy- 
ment of systems, there could 
be economic consequences, 
warned security experts. 
“Today’s commercial off- 
the-shelf technology is riddled 
with holes,” said Richard 
Pethia, director of the CERT 
Coordination Center at Carne- 
gie Mellon University in Pitts- 


burgh. “The sheer number of 


vulnerabilities is overwhelm- 
ing organizations.” 

Pethia, testifying last week 
before a U.S. House subcom- 
mittee examining Internet se- 
curity, said reactive solutions, 
such as applying patches, “are 
reaching the limit of their 
effectiveness.” 

Software design vulnerabili- 
ties have been consistently ris- 
ing because of difficulties in 
configuring operating systems 
and applications and because 
vendors make security a low 
priority, said Pethia. CERT re- 
ported 400 vulnerabilities in 
1999 and 1,090 last year, and it 
expects the number to hit 
2,000 this year. Compounding 
the problem are fears that In- 
ternet-related terrorist inci- 
dents will increase. 

“I believe the threat is even 
greater today than it was be- 
fore Sept. ll,” said Michael 
Vatis, a former assistant direc- 
tor for the FBI and former head 
of the National Infrastructure 
Protection Center (NIPC), the 
government’s lead agency on 
cybercrime issues. 

Vatis, now head of the Insti- 
tute for Security Technology 
Studies at Dartmouth College 
in Hanover, N.H., based his 
prediction on a study of cyber- 
attacks during prior conflicts, 
such as the capture of a U.S. 
spy plane by China in April. 

“The possibility is there to 
take down significant portions 

Internet and the critical 
ANADIAN POST 
Ma: 01701 
dation depar 


tly to Copyrigh 
1811 Olde He 


y 4 within 6O day 


52-4431. POSTMASTER: Ser 


ls Y2k a Blueprint for Organizing IT? 


In preparing for Y2k, the White 
House appointed a czar to organize | 
critical industries to combat the 
problem. Business and government | 
worked closely together across 
sectors and established a command | 
center for information to help U.S. | 
businesses deal with the problem. A | 
few months into 2000, it was dis- | 
mantled. 
Now a push is on to put it back 
together. Michael Gent, president of 
the North American Electric Relia- 
bility Council in Princeton, N.J., has 
been meeting with other utility 
CEOs to test interest, said spokes- 
woman Ellen Vancko 
Harris Miller, head of the Infor- 
mation Technology Association of 
America, said the Y2k network 
should have never been shut down 
“That was a decision made by 
the outgoing administration over 


infrastructures that rely on the 
Internet,” he warned in testi- 
mony he gave last week before 
the House Subcommittee on 
Government Efficiency, Finan- 
cial Management and Inter- 


governmental Relations. 


Pethia underscored the 
point. While much of the Inter- 
net is very robust, he 
“there are those few key points 


said, 


like domain-name servers that 
don’t have enough redundancy 


| or ability to quickly recover 


from attack. If we focused in 


| on those key points, we can 


make a lot of progress in a 
short period of time.” 

Vatis and Pethia said software 
vendors have to make security 
paramount. End users agree. 

The problem is that security 
isn’t a driving factor for soft- 
ware firms in marketing their 
products or for end users in 
choosing them, said _ Eric 
Brock, information security 
manager at Dallas-based cos- 
metics company Mary Kay Inc. 

“Security professionals need 
to do a better job of communi- 
cating risks to business deci- 
sion-makers,” said Brock. If se- 
curity becomes a bigger part of 
software buying decisions, 


». Mass. 01970. Re 
17) 399-1900, Ext. 124 
ada - S110 per year 


jount Morris, Ill. 61054-051 


our strong objections,” he said 

John Koskinen, Washington's 
city administrator and former head 
of the White House Y2k effort, said 
that unlike the year 2000 problem 
today’s threat to IT is undefined, the 
response is difficult, and there is no 
known time frame. 

“Nonetheless, | don’t think there 
is any way to deal with determining 
the nature of the threat, protecting 
against it and having appropriate 
mechanisms in place without an 
effective renewal of those partner- 
ships or networks across the econ 
omy,” he said 

Koskinen believes it will be up to 
the White House, but particularly 
the new head of the Office of 
Homeland Security, Pennsylvania 
Gov. Tom Ridge, to decide whether 
to reform the network 

- Patrick Thibodeau 


vendors will have to pay closer 
attention to it, he said. 

Harris Miller, president of 
the Information Technology of 
America in Arlington, Va., who 
also testified at the hearing last 
week, said it would be inaccu- 
rate to say the Internet is vul- 
nerable. “There are obvious 
physical risks,” he But 


while no design is perfect, soft- 


said. 


ware makers are trying to build 
systems with the highest secu- 
rity settings, he said 

However, end-user compa 
nies don’t always take advan- 
tage of those security features 
and sometimes turn them off, 
he said. 

Wilfred Camilleri, informa- 


the 
University of Toronto, said end 


tion security manager at 


users are having a tough time 
staying abreast of patches. 
“The problem that we are 
encountering most often is 
that people are not aware that 
patches are available,” he said. 
Ronald Dick, chief of the 
NIPC, said that about 80% of 
the issues his agency tackles 


| could have been avoided if sys- 


tems administrators “would 
just download a patch and re 


pair their systems.” D 


== pps ABM @> 





FRANK HAYES 


FRANKLY SPE 


THE BACK PAGE 


AKING 


Time to Retool IS 


AIR IS FAIR. I’ve kicked Gartner analysts for some dumb 


ideas over the years, so it’s 
them for getting it right. And last week, Gartner’ 
probably the gutsiest call you'll 


Pescatore made what’s 


only fair to recognize one of 


s John 


hear from any analyst this year. Pescatore recommended 


that IT shops using Microsoft’s 


Internet Information Server (IIS) 


should “immediately investigate alternatives to IIS” because of its 
security problems (see story, page 10). 


Gutsy? You bet. Gartner’s 


customers don’t have a lot of spare 


money to replace key systems right now. And they don’t want to 


look bad for having picked a lousy system. So 
the advice that big IT shops should dump a ma- 
jor Microsoft product is likely to go down like a 
live frog. 

Microsoft insists that IIS is no worse than 
its competitors’ products. Loyal customers in- 
sist they want their IIS. Other consulting firms 
are making kissing noises in the direction of 
Redmond. 

But Pescatore is right. IIS is broken, and the 
endless stream of patches isn’t enough. IIS 
should be rewritten from the ground up, with 
the kind of attention to security and software 
quality that we need from serious IT infrastruc- 
ture products. 

And Microsoft won't do that until IT shops 
stop accepting Microsoft’s excuses and justifi- 
cations. 

If those excuses and promises were just a 
smoke screen for a furious effort on Microsoft’s 
part to roll out a secure IIS, it wouldn’t be nec- 
essary to call for pulling the plug. 

But unfortunately, that’s not the case. Micro- 
soft’s focus is on fighting off complaints about 
and competitors to .Net and Passport and Hail- 
Storm. Security and code quality are getting 
short shrift. 

If this were any other industry, 
there would be government investi- 
gations and class-action lawsuits. If 
Microsoft made faulty automobiles, 
the company wouldn’t get away 
with sending every customer hun- 
dreds of parts to retrofit and then 
insisting it was the customer’s fault 
in case of a crash. 

But this is the IT business, where 
we've put up with decades of 
shrink-wrap licenses and nobody’s- 
perfect shrugs from software ven- 
dors. The law says Microsoft does- 


FRANK HAYES, Computer- 
world’s senior news colum- 
nist, has covered IT for more 
than 20 years. Contact him at 
frank_hayes@computerworld.com. 


n’t have to care whether its products work. The 
only people who can make Microsoft care are 
the people who cut the purchase orders. 

Which means it’s time for IT shops to com- 
pare what replacing IIS will cost — in price, 
functionality, cede rebuilding and staff retrain- 
ing — with the cost and risk of all those patches 
and all those worm attacks. 

It’s time for corporate IT managers and CIOs 
to look at hard numbers on those costs and 
risks and to take those numbers seriously — 
especially when it’s time to make decisions on 
new Internet applications and upgraded server 
software. 

Maybe most important, it’s time for Microsoft 
to respond. Not with more “We're no worse 
than anyone else” excuses. Not with a public re- 
lations campaign, or a hard sell aimed at cus- 


tomers. But with a plan — a plan to create an in- | 


dustrial-strength Internet server that doesn’t 

ship with gaping security holes, doesn’t require 
constant patching and doesn’t hand every anti- 
social teenage cracker a tool for creating chaos. 

Can Microsoft build a secure IIS? Sure. Mi- 
crosoft has some of the smartest programmers 
in the world. It has the resources to hire what- 
ever talent and skills it doesn’t al- 
ready have. All Microsoft lacks is 
the will to do what needs to be 
done. 

We all know the man who can 
provide that will. His title says 
he’s in charge of software at Micro- 
soft. The stock he owns says he calls 
the shots. 

So over the coming weeks and 
months, while you’re looking hard 
at alternatives to IIS, keep an eye on 
the man who should have a plan. 

And maybe we'll find out if Bill 
Gates is as gutsy as John Pescatore. D 








SALES VP spends all day typ- 
ing up a forecast, prints it, then 
closes the document without 
saving it. His frantic aide races to 
an IT pilot fish for help. “She be 
lieves that | can find the docu 
ment if it's been less than an 
hour since it was closed without 
saving,” says fish. It doesn't 
work that way, says fish, but aide 
doesn't want to believe it vo sn't 
there some place it just goes for 
an hour?” 


USER STICKS his head into IT 
pilot fish's office to complain that 
the water cooler in the confer 
ence room isn't getting the water 
cold enough. Suggests straight- 
faced IT pilot fish, “Have you 
tried rebooting it?” 


IT SHOP’S HARDWARE guys 
don't like how hard it is to re- 
move the cover from one server 
they're evaluating, so they give it 
a thumbs down. That's unfair, re 
seller tells pilot fish: “The hard- 
ware is extremely reliable and 
hardly ever has to be opened for 
repairs.” 


FIVE MINUTES AFTER his 
PC's operating system upgrade 
is complete, user tells IT pilot 
fish, “I have one program that's 
not working.” Fish tries every 
trick he knows for two hours, but 


COMPUTERWORLD October 1, 2001 


i 


s 

a > 
he can't get the software to run 
Finally, he offers to return the PC 
to its pre-update state. “That's 
OK.” user says. “It never worked 
on this machine anyway.” Why 
didn’t you tell me that? fish de- 
mands. “Oh, | figured you'd know 
how to make it work.” 


BOSS'S PC won't start, so sup- 
port pilot fish starts walking him 
through the usual troubleshoot- 
ing procedure. After several 
steps, boss interrupts: “Do you 
think all the ants coming out of 
the surge protector could have 
anything to do with it?” 


MY PC HAS fallen asleep, user 
insists. “Do you mean the screen 
is blank?” asks pilot fish. No, it's 
asleep. “How do you know it's 
asleep?” Because it’s snoring, 
user says. Sure enough, there's a 
stream of Zs running across the 
screen, fish sees when he ar- 
rives. There's also a notebook 
sitting on the Z key, fish notices. 
He surreptitiously nudges the 
notebook off the keyboard — and 
shouts, “Wake up!” 


Wake me up, too: sharky@ 
computerworld.com. You 
score a sharp Shark shirt if your 
true tale of IT life sees print - or 
if it shows up in the daily feed at 
computerworld.com/sharky. 


The 5th Wave 


“OK, T think I forge 10 mention this, but we now have 


a Web ment function 
Us me ng nays a broken 
Web cite.” 


that automatically alerts 
link on The Aquarium's 





Can't handle another byte? Store Smarter.” 


Introducing Active Archive Solutions: The intelligent way to optimize database performance. 
Active archiving is a breakthrough way to relieve the pain of overloaded databases, sluggish 
application performance and endless hardware upgrades. Database size is dramatically reduced 
by systematically setting aside infrequently used data. However, the data is always kept close at 
hand for easy access. Best of all, you save money by optimizing the hardware you already 


have. Get smarter. Call 800-457-7060 or visit www.storesmarter.com. 
princeton 


softech 





* LEC 


il 


rHI 


Re shaping IT infrastructure 


How’s this for a challenge? ‘Take an e-business infra- 
structure teeming with disparate networks. platforms, 
standards and applications. and make them all work as one. 
\cross all business units. With suppliers. partners and 
customers. Yep. integration is one colossal test of strength. 

So how do you tackle it? You can start by ordering our 
Software Evaluation Kit for Linux: (It’s yours free by 
simply registering by phone or online.) In it you'll find an 
overview of e-business integration, along with perspec- 
tives and strategies for tough integration challenges. You'll 
also get free trial code for IBM software such as DB2: 
WebSphere: Lotus” and Java™ Tools. It's the pertect 
integration software primer. And best of all, everything 


in it also speaks Linux. 


CLICK OR CALL FOR 


BOOK OF @BUSINESS 


INTEGRATION: 


A HERCULEAN TASK. 


s can be difficult for mere mortals. 


As the fastest growing and most accessible operating 
system, Linux is an ideal platform for the integrated 
environment. For small business or corporate behemoth. 
It's open, sealable and hardware-agnostic. 

That’s why IBM offers the industry's richest 
selection of code for Linux. And then backs it with IBM 
service, support and consulting. That means an army of 
integration experts proficient in everything from 
designing to deploying to maintaining 
truly open and interoperable systems. 

‘To see how you can take on an inte- 
gration project, with little to no chance of 
a hernia, visit our Web site or call today for 


your free Software Evaluation Kit for Linux. 


{ FREE IBM SOFTWARE EVALUATION KIT FOR LINUX. 


> ibm.com/e-business/soready/p4 | @) 1800 426 7080, ask for Open 


\OTE: 1BM, Lotus, the e-business logo and other marks designated * or 


are trademarks of International Business Machines Corporation in the United States and/or other 


countries. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Other company, product and service names may 


be trademarks or service marks of others. Linux is a registered trademark of Linus Torvalds 
be required to c 


2001 IBM C 


rporation. All rights reserved. Limit one kit per respondent. Respondents will 
ymplete a registration form in order to participate in this offer. Offer ends 12.31.01. Offer available only in U.S. 





